-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Request-Provided Claim Values Support #3
Comments
An alternative implementation using the |
Note that for the purposes of the OP, the |
Correct, which is why we deviate from the OIDC core spec as follows:
This behaviour is documented in this expired RFC draft, which our README links to. The configuration options are described in our Wiki. A comparison to the proposed changes by @milux :
|
@schanzen Are there any plans for an alternative, more standards based solution (even if just emerging) or can we close this issue again for the time being? |
We should do this using the client assertion (JWT). Using a query parameter is specifically violating the standard:
|
This requirement seems more like a statement to allow for backwards compatibility of future revisions, in that additional parameters introduced in such revisions should not break older Auth Servers which do not recognize them. In other words: A bit off-topic, but the second sentence might pose a problem in other ways, as it is repeated for both the Authorization- and Token endpoints. RFC 8707 however states:
|
Ok. Well. LGTM in general. We can always change it to a property in the JWT if necessary later. |
This is a feature suggestion for support of claims that are copied from the user's request.
The main idea behind this feature is to bind specific, (server side) preconfigured dynamic attributes into issued tokens, whereas the values of these attributes are defined upon request by the client.
Typical use cases include:
PR to follow.
The text was updated successfully, but these errors were encountered: