[API Based Authentication] [Bug] Improvement for Client Attestation #18021

Closed
Thumimku opened this issue Nov 22, 2023 · 1 comment

Comments

Thumimku commented Nov 22, 2023

Is your suggestion related to an experience? Please describe.
With #16836, we delivered Client Attestation capabilities for API_Based_Authentication.
We got several pieces of feedback along the process and we have prioritised them based on our timeline. Hence I will raise this issue to track all the improvements for Client Attestation (Security API Based Authentication).

[Note that the following tasks are not in order of priority]

  • In Android Attestation, we need to call the Google Attestation service. But here, the same thread that requested Android attestation is used for this external call. We need to improve this by having a thread pool to execute the external call.
  • In Apple Attestation, we have the basic security implemented. But there are some advanced security implementations given in the doc; we need to improve those validations also.
  • In Apple Attestation, the revocation check is disabled by default and we provide a configuration to enable it here. We have to set it to true and test it for the cloud deployments.
  • In Apple Attestation, we are currently shipping the Apple Attestation root CA with the product as a PEM. But we need to use a keystore in case Apple decides to provide a set of root certs. More details can be found in this mail [Request to add Apple Attestation Root Certificate to Product IS and Asgardeo]
  • Nonce Issuance: this improvement is to track and develop Client Attestation As A Service, where the Client Attestation Service issues a nonce to clients.

isharak commented Nov 7, 2024

This issue is being closed due to extended inactivity. Please feel free to reopen it if further attention is needed. Thank you for helping us keep the issue list relevant and focused!

@isharak isharak closed this as completed Nov 7, 2024