Support for Pushed Authorization Requests (PAR) #269
Conversation
OAuth 2.0 Pushed Authorization Requests is defined in (draft-ietf-oauth-par-08) PAR lets the client push the authorization request to the IP ahead of end-user involvement
|
For the record, now this is RFC9126. |
|
I know, but it works for me, and no one seemed to be interested in this, so I just let it be. |
I know I could not review this at the moment because I have no test setup supporting PAR to check the PR. Maybe @DeepDiver1975 could? |
I am lacking a test env as well .... I merged other prs which "looked" good but did cause regression afterwards - so I am not that positive at the moment ... |
|
Maybe the solution to this would be to set up an integration test environment, so patches could be merged at the condition they implement tests. |
|
Maybe a more generic extension point could help devs to integrate such functionalities? In this line https://github.com/jumbojett/OpenID-Connect-PHP/pull/269/files#diff-153547f1c0203c10f6f31847c1601d01a841d4b6dc6a8797c9f98feeb0e84bf8R678 $this->beforeRequestAuthorize(&$auth_params);The default impl will do nothing and any developer could subclass the client and add logic as needed - like in this PR. Or we introduce event dispatcher so that people don't need to subclass ..... |
In an ideal world I absolutely agree. e.g. spinning up a key-cloak docker image as part of the github workflow should work. let's see if somebody finds the time .... (would love to do it .....) |
Implement OAuth 2.0 Pushed Authorization Requests is defined in
(draft-ietf-oauth-par-08)
PAR lets the client push the authorization request to the IP
ahead of end-user involvement