MTLS-OIDC
Tokens bound to mTLS client certificate.
Definition
FAPI 2.0 Baseline (May 2024 final, OpenID Foundation) mandates mTLS sender-constrained tokens, PAR (Pushed Authorization Requests), JARM (JWT-Secured Authorization Response Mode). Used by Open Banking UK, Brazil Open Finance, NextGenPSD2 Berlin Group. FAPI 2.0 Advanced profile adds optional DPoP.
Origin
FAPI 1.0 published 2018 ; FAPI 2.0 Baseline final May 2024.
Example in context
A UK bank uses FAPI 2.0 + mTLS to expose accounts to an AISP via Open Banking UK.
Related terms
- mTLS — base transport.