-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update device authorization and JWKS to closer match the spec #74
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the one missing thing from those 2 PRs is default scope.
I choose null, but there might be a more correct answer.
The rest looks good though.
Yeah, that seems like the right thing to do. Also, Okta has a feature for defining a default scope for when a client doesn't supply one, so we might want to make the |
let data = data(for: """ | ||
{ | ||
"token_type": "Bearer", | ||
"expires_in": 3600, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Worth noting, some Authorization servers may not return expires_in (notably when you are doing pure OAuth, without OIDC). I don't think it's something we need to account for, but I think the only 2 things that are required from OAuth are access_token/token_type.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, I'm not sure if we should worry about that. There's a lot of code that assumes the expires_in
exists, for both Swift and Kotlin SDKs. So I'd hold off on this, until it's necessary.
0de74dc
to
8fc02bd
Compare
This matches up to okta/okta-mobile-kotlin#183 and okta/okta-mobile-kotlin#182