Hi Kosuke,
the intention of the authors is option 1 ("Use App Attest only during
attestation generation, and rely on Keychain Services for subsequent PoP JWT
signing."). The main motivation for this is to have a common format and
mechanism across all platforms. Furthermore, the client's backend/attester may
have additional signals beyond Apple's App Attest that are input for making
the decision to issue a client attestation.
Best regards, Paul
_______________________________________________
OAuth mailing list -- [email protected]