Skip to content

Authorization Server and Credential Issuer must support metadata #208

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Aug 1, 2025
Merged

Authorization Server and Credential Issuer must support metadata #208

merged 4 commits into from
Aug 1, 2025

Conversation

@paulbastian
Copy link
Collaborator

@paulbastian paulbastian commented Jul 10, 2025

Closes #180

@paulbastian paulbastian linked an issue Jul 10, 2025 that may be closed by this pull request
Make Issuer metadata normative #180
Closed
@paulbastian paulbastian requested review from Sakurann, jogu and tlodderstedt and removed request for Sakurann, jogu and tlodderstedt July 10, 2025 16:34
charsleysa
charsleysa reviewed Jul 22, 2025
View reviewed changes
jogu
jogu reviewed Jul 22, 2025
View reviewed changes
awoie
awoie requested changes Jul 29, 2025
View reviewed changes
Copy link
Collaborator

@awoie awoie left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Making the same comment as @charsleysa that it would be good to mandate scopes in metadata for interop reasons even if it means there is some duplication if scopes are defined at the ecosystem level out-of-band.

jogu
jogu reviewed Jul 31, 2025
View reviewed changes
@c2bo
Copy link
Member

c2bo commented Jul 31, 2025

Just to be clear: Is the intention is for both (AS, Issuer) metadata to be made available via .well-known path?
If so, we should make that a bit clearer imho - otherwise it could be interpreted as metadata can also be provided out of band (but metadata is still supported).

Sakurann
Sakurann requested changes Jul 31, 2025
View reviewed changes
Copy link
Contributor

@Sakurann Sakurann left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

per christian's comment - clarified that for the issuer metadata .well-known must be used. made suggestions

@Sakurann
Copy link
Contributor

Sakurann commented Jul 31, 2025

Just to be clear: Is the intention is for both (AS, Issuer) metadata to be made available via .well-known path?

yes

If so, we should make that a bit clearer imho - otherwise it could be interpreted as metadata can also be provided out of band (but metadata is still supported).

suggested text for issuer endpoint. AS already mandates .well-known in the rfc so i think no action there

@Sakurann @jogu @charsleysa
[during the wg call] Apply suggestions from code review
b215518 
Co-authored-by: Joseph Heenan <joseph@authlete.com>
Co-authored-by: Stefan Charsley <charsleysa@gmail.com>
@Sakurann Sakurann requested review from awoie and charsleysa July 31, 2025 15:53
@jogu jogu merged commit 289d811 into main Aug 1, 2025
2 checks passed
@Sakurann Sakurann mentioned this pull request Aug 19, 2025
Closed
@Sakurann Sakurann added this to the 1.0 Final milestone Oct 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jogu jogu jogu approved these changes

@charsleysa charsleysa charsleysa approved these changes

@awoie awoie awoie approved these changes

@Sakurann Sakurann Sakurann approved these changes

@tlodderstedt tlodderstedt Awaiting requested review from tlodderstedt

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

1.0 Final

Development

Successfully merging this pull request may close these issues.

Make Issuer metadata normative

7 participants

@paulbastian @c2bo @Sakurann @jogu @charsleysa @awoie