ciba-grant-3.2.0.md #3615
ciba-grant-3.2.0.md #3615
Conversation
handrews
requested review from
earth2marsh,
whitlockjc,
lornajane,
darrelmiller and
webron
handrews
added
security
security: auth
|
we should upgrade as well the schema @handrews this raise the point that the 3.2 should have its own schema version (compatible but still its own version) to me the delivery mode should be an enum following the acceptable values about user code , we may need to include it as part of the sample another point should it be called ciba , or should it be called backchannel as the OIDC spec mentionned those name as of parameter (ie it s just a legitimate question , to me ciba is fine as pointing the precise concept, not aware if there are other back channel technology leveraging those concept) |
|
Could you help me understand why there is a need for a new OAuth2Flow when this information could be communicated via an OpenIDConnect configuration document considering it is an OIDC specific flow? |
Hi @darrelmiller although it sounds like "OpenID Connect Client-Initiated Backchannel Authentication Flow" is the same as OpenId Connect is is not. This idea of introducing ciba to OAI comes out of the Camara project where we discovered the need to specify this flow. |
|
@LasneF : Thanks for your feedback.
|
|
Sorry, I know we've had some back-and-forth on the schemas, but since this change won't go into 3.1, it would be better to omit the schema updates from this pull request (the 3.2 schemas haven't been created yet), we can't merge this pull request with these schema changes in. |
versions/3.2.0.md
Outdated
| <a name="oauthFlowRefreshUrl"></a>refreshUrl | `string` | `oauth2` | The URL to be used for obtaining refresh tokens. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | ||
| <a name="oauthFlowScopes"></a>scopes | Map[`string`, `string`] | `oauth2` | **REQUIRED**. The available scopes for the OAuth2 security scheme. A map between the scope name and a short description for it. The map MAY be empty. | ||
| <a name="backchannel_token_delivery_modes_supported"></a>ciba_delivery_modes | Array[`string`] | `oauth2` (`"ciba"`) | **REQUIRED**. JSON array containing one or more of the following values: poll, ping, and push. |
There was a problem hiding this comment.
OpenAPI uses camelCasing for parameter values. So although the CIBA specification uses snake case, for consistency we should require tooling to do the translation and maintain consistency in the OpenAPI description.
I presume you meant "Remove OPTIONAL from keywords..." rather than removing the keywords marked OPTIONAL |
Co-authored-by: Darrel <darrmi@microsoft.com>
Co-authored-by: Darrel <darrmi@microsoft.com>
@lornajane Reverted schema changes |
|
@darrelmiller Done changes for camelCase. Kindly check. |
Co-authored-by: Ralf Handl <ralf.handl@sap.com>
Below are details of the proposed changes in this PR to add CIBA grant flow:
This PR:
Fixes #3587
Branch and file used: