by mjg59
1295 days ago
Okta actually supports this with their device identity policy, but in this scenario the IdP doesn't necessarily have insight into who's issuing the token (the AWS case involves AWS getting a valid auth from Okta and then issuing the token), so that wouldn't work. RFC 8705 covers binding tokens to an mTLS identity, but basically nobody supports that.
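
What the RFC 8705 binding mentioned above amounts to on the resource-server side, as an added example that is not part of the original comment: the token carries a `cnf` claim holding the SHA-256 thumbprint (`x5t#S256`) of the client certificate, and the server compares it with the certificate presented on the mTLS connection. The function names, sample tokens and stand-in certificate bytes are constructed for illustration, and signature validation is assumed to happen elsewhere.

```python
import base64
import hashlib
import hmac
import json


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def cert_thumbprint(cert_der: bytes) -> str:
    # RFC 8705 "x5t#S256": base64url (no padding) of SHA-256 over the DER cert.
    return b64url_encode(hashlib.sha256(cert_der).digest())


def token_bound_to_cert(jwt: str, presented_cert_der: bytes) -> bool:
    # Assumes the JWT signature, issuer and expiry were already validated.
    try:
        claims = json.loads(b64url_decode(jwt.split(".")[1]))
        expected = claims["cnf"]["x5t#S256"]
    except (IndexError, KeyError, TypeError, ValueError):
        return False  # malformed token or no binding claim: treat as unbound
    if not isinstance(expected, str):
        return False
    actual = cert_thumbprint(presented_cert_der)
    return hmac.compare_digest(expected.encode(), actual.encode())


def make_sample_token(claims: dict) -> str:
    # Constructed, unsigned JWT-shaped string for the demo only.
    header = b64url_encode(json.dumps({"alg": "ES256"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{body}.constructed-signature"


# Constructed stand-ins for DER certificate bytes taken from the TLS session.
LAPTOP_CERT = b"constructed DER bytes: enrolled laptop"
OTHER_CERT = b"constructed DER bytes: some other client"

if __name__ == "__main__":
    bound = make_sample_token(
        {"sub": "alice", "cnf": {"x5t#S256": cert_thumbprint(LAPTOP_CERT)}})
    print(token_bound_to_cert(bound, LAPTOP_CERT))  # same cert as at issuance
    print(token_bound_to_cert(bound, OTHER_CERT))   # token replayed elsewhere
```

A token without a `cnf` claim is an ordinary bearer token, so a server that requires binding has to reject it rather than skip the comparison.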