Consider supporting OAuth 2.0 Dynamic Client Registration #3144
Comments
|
See also: RFC 7591 (OAuth 2.0 Dynamic Client Registration Protocol) |
benfrancis
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently the gateway has to maintain a hard-coded list of client IDs to identify third party apps and services which can request access to a gateway via OAuth2. This means that if a new service wants to access gateways we have to manually issue a client ID, add it to this list, and push an update to all gateways.
The IndieAuth specification defines a mechanism which enables authorization servers (i.e. gateways in our case) to dynamically use resolveable URLs hosted by an OAuth2 client (third party apps and services) as verifiable client IDs, rather than having to manually issue them.
Note that IndieAuth is a Living Standard maintained by the IndieWeb community, not a standards body like the W3C or IETF, and was primarily used to obtain an OAuth 2.0 Bearer Tokens for use by [Micropub] clients, so may not be widely supported.
The text was updated successfully, but these errors were encountered: