- clarify usage of client attestation outside of OAuth2 applications
- add OAuth error response values invalid_client_attestation and use_attestation_challenge
- revert the HTTP OPTIONS mechanism to fetch nonces and add a dedicated challenge endpoint
- rename nonce to challenge
- rewrite security consideration on replay attacks
- add implementation consideration on replay attacks
- remove exp from Client Attestation PoP JWT