Comments (3)
dannymeloy
commented on August 28, 2024
Hi Gareth,
- The RAML is currently mistaken - the /.well-known/.. endpoint will hang off the the root path (e.g.
https://{host}:{port}/.well-known/oauth-authorization-server.) - With regards to both versioning of the well-known endpoint (mentioned in issue #9) and multiple issuers on the same host, the thinking currently is that we define another text record in the DNS-SD announcement (call it
issuer_path.), for a given auth server instance, that defines the {issuer} tag in the.well-knownurl. This will usually be blank or omitted, meaning clients default to the URL you have given above.
If multiple auth services are hosted on the same host, or if integrating with an Off-the-Shelf auth server with a metadata URL with a different {issuer}, thisissuer_pathrecord can distinguish/point-at the auth server instances. From an NMOS perspective, this record could also give clients distinct server metadata URLs for different versions if we needed to - using two DNS-SD records with different text records. In this case, both theapi_verandissuer_pathrecords may both be equal tov1.1for example.
I hope that makes sense...
from is-10.
garethsb
commented on August 28, 2024
Thanks, that does start making sense. I think it's going to be simpler to document the /.well-known/ URL via separate means, whether that's pure documentation or a separate RAML file.
from is-10.
NEOAdvancedTechnology
commented on August 28, 2024
worked out
from is-10.
Related Issues (20)
- Examples of client registration using different grant HOT 2
- Make example URLs consistent HOT 2
- Authorization Server Mix-Up Mitigation HOT 5
- Incorrect reference? HOT 4
- POST /{registration_endpoint_path} request body is JSON HOT 2
- Should IS-10 or BCP-003-02 recommend using an allow list for issuers? HOT 1
- Error Codes for invalid token HOT 4
- Does the API base path require authorization? HOT 24
- Are clients using PKCE required to support "S256" or not? HOT 1
- Initiate authorization for a UI-less node HOT 10
- Decide how to implement Client Credentials HOT 4
- Client Name Duplications HOT 2
- Add recommendations around handling of redirects
- Port number for issuer HOT 6
- Clarify the resource server behaviour while receiving missing public keys token HOT 4
- Clarify that scopes are required in the token request
- Add a note on criticality of time synchronisation
- Typo in Clients Behaviour section HOT 1
- Implementation guide for Node vendors HOT 1
- Interaction diagram needs updating HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from is-10.