-
Notifications
You must be signed in to change notification settings - Fork 9.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ciba-grant-3.2.0.md #3615
ciba-grant-3.2.0.md #3615
Conversation
we should upgrade as well the schema @handrews this raise the point that the 3.2 should have its own schema version (compatible but still its own version) to me the delivery mode should be an enum following the acceptable values about user code , we may need to include it as part of the sample another point should it be called ciba , or should it be called backchannel as the OIDC spec mentionned those name as of parameter (ie it s just a legitimate question , to me ciba is fine as pointing the precise concept, not aware if there are other back channel technology leveraging those concept) |
Could you help me understand why there is a need for a new OAuth2Flow when this information could be communicated via an OpenIDConnect configuration document considering it is an OIDC specific flow? |
Hi @darrelmiller although it sounds like "OpenID Connect Client-Initiated Backchannel Authentication Flow" is the same as OpenId Connect is is not. This idea of introducing ciba to OAI comes out of the Camara project where we discovered the need to specify this flow. |
@LasneF : Thanks for your feedback.
|
Sorry, I know we've had some back-and-forth on the schemas, but since this change won't go into 3.1, it would be better to omit the schema updates from this pull request (the 3.2 schemas haven't been created yet), we can't merge this pull request with these schema changes in. |
versions/3.2.0.md
Outdated
<a name="oauthFlowRefreshUrl"></a>refreshUrl | `string` | `oauth2` | The URL to be used for obtaining refresh tokens. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | ||
<a name="oauthFlowScopes"></a>scopes | Map[`string`, `string`] | `oauth2` | **REQUIRED**. The available scopes for the OAuth2 security scheme. A map between the scope name and a short description for it. The map MAY be empty. | ||
<a name="backchannel_token_delivery_modes_supported"></a>ciba_delivery_modes | Array[`string`] | `oauth2` (`"ciba"`) | **REQUIRED**. JSON array containing one or more of the following values: poll, ping, and push. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OpenAPI uses camelCasing for parameter values. So although the CIBA specification uses snake case, for consistency we should require tooling to do the translation and maintain consistency in the OpenAPI description.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Remove OPTIONAL keywords and change casing of parameters
I presume you meant "Remove OPTIONAL from keywords..." rather than removing the keywords marked OPTIONAL |
Co-authored-by: Darrel <darrmi@microsoft.com>
Co-authored-by: Darrel <darrmi@microsoft.com>
@lornajane Reverted schema changes |
@darrelmiller Done changes for camelCase. Kindly check. |
Co-authored-by: Ralf Handl <ralf.handl@sap.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for being patient with us and working through the amendments.
Below are details of the proposed changes in this PR to add CIBA grant flow:
This PR:
Fixes #3587
Branch and file used: