Hi all,

I'd like to draw your attention to a discussion that came up in the OpenID Foundation's FAPI working group.

As you know, FAPI mostly builds upon standardized OAuth and OIDC features. Nonetheless, it is hard to find client libraries that can be used "out of the box" with a FAPI. Many client libraries only support a very limited subset of features, lacking support even, for example, for PKCE. And for many common languages or frameworks, only one or two maintained libraries exist at all.

This means that many client implementers still have to roll their own code for OAuth and OIDC integrations, with the well-known consequences for security and interoperability.

As Dave pointed out on today's FAPI call, high-quality libraries would likely be a huge boost for security in the OAuth/OIDC space.

I'd like to invite you to join the discussion over at the FAPI working group:
https://bitbucket.org/openid/fapi/issues/433/track-fapi-compliant-rp-libraries

-Daniel

--
https://danielfett.de
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth