OpenID4VP icon indicating copy to clipboard operation
OpenID4VP copied to clipboard

Published 20 hours ago verified publisher icon openid

Mandate JAR-encoded Request Objects

Open paulbastian opened this issue 1 year ago • 13 comments

It should be discussed to mandate the JAR-encoded Authorization Request according to RFC9101 and restrict usage of URL- encoded Authorization Request from RFC6749 as

  1. they do not offer integrity
  2. they do not offer authenticity

Restricting the URL-encoded pattern could result in a significant security improvement.

paulbastian avatar Jan 14 '24 18:01 paulbastian