> On 9. Jul 2020, at 19:58, Neil Madden <[email protected]> wrote:
>
> The point is that RAR can’t make payment transactions the primary use-case,
> emphasised throughout the draft, and then fail to even discuss this issue or
> make any kind of suggestion as how to handle it.

I’m still trying to understand the issue and your proposed solution. What you are suggesting is an OAuth authorization to subsequently send another more detailed or transactional OAuth authorization. If your basic assumption is that users just accept a payment confirmation screen, why do you think the additional pre-authorization won’t be accepted straight away? The way PSD2 uses to secure such transactions is transaction authorization using a dynamic second factor (called strong customer authentication). I assume the rationale is SCA will make users think before they confirm.
