Accept audience specified in scope audience:server:client_id#14
Accept audience specified in scope audience:server:client_id#14ctron merged 1 commit intoctron:mainfrom
audience:server:client_id#14Conversation
|
Thanks for the PR. I'd just like to understand it a bit better. So the idea is that "client A" requests a token for "client B". Therefore it will come back with "client B", and the verification expects "client A". The new code automatically extracts "client B" as a value, and uses it as an alternative for the verification. This is Dex specific? I like the fact that it's "automatic". But I also wonder if there's a way to do this more generic. Maybe not. At least, I'd kindly ask you to add a bit of docs in the code of what happens there. Maybe extract this part in a dedicated function. I also think this could be enhanced to handling all such scopes (more than one). If that makes sense, let's add it. If it doesn't ok. If you don't have a good idea how to implement, I can take that part. |
|
The CI fails because commits needs to conform to https://www.conventionalcommits.org/en/v1.0.0/ … I guess this would be |
barrbrain
force-pushed
the
audience-scope
branch
from
58010aa to
d6cf33a
Compare
|
I'm still looking for documentation of this scope beyond specific implementations.
It looks like it hit the mailing list once: |
barrbrain
force-pushed
the
audience-scope
branch
from
d6cf33a to
d3b59fd
Compare
|
I'd be ok with you summing this up at the |
barrbrain
force-pushed
the
audience-scope
branch
from
d3b59fd to
3017a2e
Compare
barrbrain
force-pushed
the
audience-scope
branch
from
3017a2e to
3bfe358
Compare
|
My first attempt at a |
|
Released as |
2 participants
The motivation is to support cross-client trust and authorized party (DexIdP). This PR only accepts the first such scope.