Reply to

Regarding our conversation yesterday for OAuth and API aggregation, I mentioned that while working on PSD2/Open Banking we've been doing similar, for instance with a third party who would register on behalf of a fourth party.

I've tracked down as the definition for the way this works with the use of new fields in the Signed Software Assertions (for use with

It may be worth reaching out to OpenID/Open Banking to see if they've got this officially specified about this, or whether this is the latest source of truth you can use

Hope this helps with your hope to standardise this into an OAuth spec!

This post was filed under replies.

Interactions with this post

Interactions with this post

Below you can find the interactions that this page has had using WebMention.

Have you written a response to this post? Let me know the URL:

Do you not have a website set up with WebMention capabilities? You can use Comment Parade.