Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Check oauth metadata if actions are supported #3085

Open
gerardsn opened this issue May 3, 2024 · 2 comments
Open

Check oauth metadata if actions are supported #3085

gerardsn opened this issue May 3, 2024 · 2 comments
Milestone

Comments

@gerardsn
Copy link
Member

gerardsn commented May 3, 2024

The oauth client and server metadata indicate what combination of parameters/operations are supported by the client/server. We often don't confirm that the other party actually supports what we are presenting.

Below is a list of parameters for AuthorizationServerMetadata that are never read for options that we do use.

  • Issuer (should match the party we assume we fetched the metadata from)
  • ResponseModesSupported
  • ResponseTypesSupported
  • GrantTypesSupported
  • PresentationDefinitionUriSupported (not even set)
  • VPFormatsSupported
  • RequestObjectSigningAlgValuesSupported

Parameters that are read might not be used everywhere they should.

The same probably goes for the OAuthClientMetadata.

@gerardsn
Copy link
Member Author

gerardsn commented May 3, 2024

Friday afternoon title...

@gerardsn gerardsn added this to the V6 milestone May 7, 2024
@woutslakhorst woutslakhorst added the rc issues for release candidate label Jun 5, 2024
@woutslakhorst woutslakhorst added final and removed rc issues for release candidate labels Sep 12, 2024
@woutslakhorst
Copy link
Member

This is used for OpenID4VP flows. They are marked experimental. Will remove final label.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants