nikosft closed 3 months ago
OpenID and OAuth already have mechanisms for ordinarily signed JWTs as a means of client authentication toward an AS, such as private_key_jwt and token exchange, so I'm unsure how supporting this would be any different to those existing mechanisms?
Yes, you are right.
I believe there are many existing systems that generate "client attestations" and can benefit from this draft. Examples of such client attestations are:
However, in all these solutions, attestations are not bound to any key.