Skip to content

Attempt to make OAuth2 security recommendations more actionable #534

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Attempt to make OAuth2 security recommendations more actionable #534

wants to merge 1 commit into from

Conversation

jogu
Copy link
Contributor

@jogu jogu commented May 31, 2025

Daniel Fett pointed out that the current wording around the Best Current Practice for OAuth 2.0 Security document is misleading as VCI does not mention all the best current practices.

Reword to try and address this.

Add a recommendation to use FAPI2 as a way to comply with the BCP, and add some notes around where FAPI2 might not be applicable.

Also replace the references to RFC9700 with BCP240 as it is likely to be an evolving document.

closes #291

@jogu
Attempt to make OAuth2 security recommendations more actionable
5374938 
Daniel Fett pointed out that the current wording around the Best Current
Practice for OAuth 2.0 Security document is misleading as VCI does not
mention all the best current practices.

Reword to try and address this.

Add a recommendation to use FAPI2 as a way to comply with the BCP, and
add some notes around where FAPI2 might not be applicable.

Also replace the references to RFC9700 with BCP240 as it is likely to be
an evolving document.

closes #291
@jogu jogu requested a review from danielfett May 31, 2025 20:11
@jogu jogu added this to the Final 1.0 milestone Jun 3, 2025
tplooker
tplooker approved these changes Jun 8, 2025
View reviewed changes
Copy link
Contributor

@tplooker tplooker left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, good improvement to just reference the BCP here more generally.

@jogu jogu mentioned this pull request Jun 10, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tplooker tplooker tplooker approved these changes

@danielfett danielfett Awaiting requested review from danielfett

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
Final 1.0
Development

Successfully merging this pull request may close these issues.

Improve content of security recommendations
2 participants
@jogu @tplooker