Guest Blog: Implementing App-to-App Authorisation in OAuth2/OpenID Connect

What is app2app? App2app is a mechanism that allows mobile apps performing OAuth2 or OpenID Connect based authentication to offer a much simpler faster flow if the user already has an app provided by the authorization server owner installed on their mobile device. Here’s how it actually looks when I […]


Welcoming New OpenID Foundation Vice-Chairman   Recently updated !

Before I welcome our new Vice-Chairman, on behalf of the OpenID Foundation, I would like to thank Adam Dawes of Google who has served on the Board of Directors for years as Vice-Chairman. Adam’s contributions to the board, the community and his leadership of Working Groups, most recently the groundbreaking […]


Public Review Period for OpenID Connect for Identity Assurance Specification Started   Recently updated !

The OpenID OpenID Connect Working Group recommends approval of the following specification as an OpenID Implementer’s Draft: OpenID Connect for Identity Assurance 1.0 An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This note starts the 45-day public review period […]


OpenID Certification Program Expands with the Release of Financial-grade API Client Initiated Backchannel Authentication Profile (FAPI-CIBA) Certification

The OpenID Foundation announced today its expansion of the OpenID Certification program with conformance testing and self-certification of Financial-grade API Client Initiated Backchannel Authentication Profile (FAPI-CIBA) OpenID Providers. The ability to self-certify FAPI-CIBA implementations builds on the availability and success of Financial-grade API (FAPI) certifications whereby a number of vendors […]


Implementer’s Draft of FAPI Client Initiated Backchannel Authentication (CIBA) Profile Approved

The OpenID Foundation membership has approved the following specification as an OpenID Implementer’s Draft: Financial-grade API: Client Initiated Backchannel Authentication Profile An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This is the first Implementer’s Draft of this specification. This […]


Implementer’s Drafts of Two EAP Specifications Approved

The OpenID Foundation membership has approved the following Enhanced Authentication Profile (EAP) specifications as OpenID Implementer’s Drafts: OpenID Connect Token Bound Authentication 1.0 OpenID Connect Extended Authentication Profile (EAP) ACR Values 1.0 An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the […]