
Comments (3)

elf-pavlik commented on June 25, 2024

Regarding the aspect of the Client authenticating to the Resource Server: depending on which identifier the RS needs to authenticate, we seem to have different reliance on the Authorization Server. If the client only needs to identify the client by the key it holds and to which the token stays bound, the RS can directly verify possession of that key. If we rely on some identifier like redirect_uri, the RS can't directly verify it and needs to rely on the Authorization Server using it in the Authorization Code grant.

The requirement on which identity the client has to prove to the Resource Server also seems related to the outcomes of the Authentication panel. If the access token includes (by value or reference) all the client authorization information that the Resource Server should apply to the client using that access token, we can think of those authorizations as 'semantic scopes'; the Resource Server doesn't need to verify any other client identity and use it to discover authorization details it should apply to the client.

from authentication-panel.
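
Added example (not part of the thread and not any participant's code): a Resource Server checking possession of the key a token is bound to, without contacting the Authorization Server. It assumes the binding is a DPoP-style `cnf.jkt` thumbprint (RFC 9449 / RFC 7638), which the thread does not name, and that the token claims were already validated; `makeProof`, `verifyPossession` and the `rs.example` URL are hypothetical, and `jti` replay tracking and the `ath` claim are left out.

```javascript
const crypto = require('node:crypto');

const b64u = (x) => Buffer.from(x).toString('base64url');

// RFC 7638 thumbprint of an EC public JWK: required members in lexicographic order.
function jwkThumbprint(jwk) {
  const canonical = JSON.stringify({ crv: jwk.crv, kty: jwk.kty, x: jwk.x, y: jwk.y });
  return crypto.createHash('sha256').update(canonical).digest('base64url');
}

// Client side: sign a proof JWT for one request, carrying the public key in the header.
function makeProof(privateKey, publicJwk, method, url) {
  const header = { typ: 'dpop+jwt', alg: 'ES256', jwk: publicJwk };
  const payload = { htm: method, htu: url, iat: Math.floor(Date.now() / 1000), jti: crypto.randomUUID() };
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(payload))}`;
  const sig = crypto.sign('sha256', Buffer.from(input), { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${input}.${sig.toString('base64url')}`;
}

// RS side: every input is either in the request or in the already-validated token claims.
function verifyPossession(proof, tokenClaims, method, url, maxAgeSec = 60) {
  const [h, p, s] = proof.split('.');
  if (!h || !p || !s) return 'malformed proof';
  let header, payload, ok = false;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url'));
    payload = JSON.parse(Buffer.from(p, 'base64url'));
  } catch { return 'malformed proof'; }
  if (header.typ !== 'dpop+jwt' || header.alg !== 'ES256' || !header.jwk) return 'bad header';
  if (header.jwk.kty !== 'EC' || header.jwk.crv !== 'P-256' || header.jwk.d) return 'bad header';
  try {
    const key = crypto.createPublicKey({ key: header.jwk, format: 'jwk' });
    ok = crypto.verify('sha256', Buffer.from(`${h}.${p}`), { key, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  } catch { return 'bad signature'; }
  if (!ok) return 'bad signature';
  // The binding check: the proof key must be the one named in the token.
  if (jwkThumbprint(header.jwk) !== tokenClaims.cnf?.jkt) return 'key not bound to token';
  if (payload.htm !== method || payload.htu !== url) return 'proof is for another request';
  if (Math.abs(Date.now() / 1000 - payload.iat) > maxAgeSec) return 'stale proof';
  return 'ok';
}

// Constructed demo: a fresh client key and token claims bound to it.
function demo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const jwk = publicKey.export({ format: 'jwk' });
  const url = 'https://rs.example/resource';
  return verifyPossession(makeProof(privateKey, jwk, 'GET', url), { cnf: { jkt: jwkThumbprint(jwk) } }, 'GET', url);
}
console.log(demo());
```

Nothing comparable exists for an identifier such as redirect_uri: the request carries no proof of it, so the RS can only trust the issuer's statement in the token.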

jaxoncreed commented on June 25, 2024

> If we rely on some identifier like redirect_uri, RS can't directly verify it and needs to rely on Authorization Server using it in Authorization Code grant.

Unless the RS requires a token that it issues itself. As you mentioned in today's panels, that could be an option in the rare case that the RS wants to identify the client.


elf-pavlik commented on June 25, 2024

Yes, precisely; some AS would still issue the token and the RS would need to rely on that AS verifying redirect_url, just that it would be an AS designated by a user with acl:Control and not one associated with any other user with some other mode of access.
