Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add RS associated AS issuing Access Token #18

Merged
merged 15 commits into from
Jan 12, 2022
Merged

Add RS associated AS issuing Access Token #18

merged 15 commits into from
Jan 12, 2022

Conversation

elf-pavlik
Copy link
Member

@elf-pavlik elf-pavlik commented Aug 2, 2021
edited by acoburn
Loading

Once we merge #17 I'll rebase this one to only include relevant changes. This variant of sequence diagram introduces RS associated AS which issues an Access Token.

Screen Shot 2021-08-02 at 8 48 36

You can see alt block with two options

  1. directly exchange ID Token for Access Token - this would match basic approach of current Solid-OIDC
  2. exchange ID Token for chainable Ticket - this would allow pushing more claims before getting the Access Token
  3. one of the claims would be Data Grant from Solid Application Interoperability providing resource client authorization granted by the requesting party

This was referenced Sep 1, 2021
Open
Open
@acoburn acoburn mentioned this pull request Sep 16, 2021
Open
@elf-pavlik elf-pavlik mentioned this pull request Oct 11, 2021
Closed
@elf-pavlik elf-pavlik added the next Next version introducing RS associated AS label Nov 9, 2021
@elf-pavlik
Copy link
Member Author

elf-pavlik commented Nov 15, 2021
edited
Loading

preview of the diagram in the latest commit (click on the image to see higher res):

Screen Shot 2021-11-15 at 8 19 21

@elf-pavlik elf-pavlik mentioned this pull request Nov 16, 2021
Closed
@elf-pavlik
Copy link
Member Author

The latest commits include updates to the text. It still misses describing the discovery of the Authorization Server and pushing OIDC ID Token as part of the Claim Token.

Latest diagram includes Client ID Document:

Screen Shot 2021-11-21 at 15 16 35

@elf-pavlik elf-pavlik mentioned this pull request Nov 26, 2021
Closed
2 tasks
elf-pavlik
elf-pavlik commented Dec 20, 2021
View reviewed changes
index.bs Outdated Show resolved Hide resolved
elf-pavlik
elf-pavlik commented Dec 20, 2021
View reviewed changes
index.bs Outdated Show resolved Hide resolved
@elf-pavlik elf-pavlik mentioned this pull request Dec 21, 2021
Open
@elf-pavlik elf-pavlik mentioned this pull request Jan 3, 2022
Closed
@elf-pavlik elf-pavlik marked this pull request as ready for review January 3, 2022 14:12
NSeydoux
NSeydoux reviewed Jan 5, 2022
View reviewed changes
index.bs Outdated Show resolved Hide resolved
index.bs Outdated Show resolved Hide resolved
index.bs Outdated Show resolved Hide resolved
index.bs Outdated Show resolved Hide resolved
index.bs Outdated Show resolved Hide resolved
acoburn
acoburn reviewed Jan 6, 2022
View reviewed changes
Copy link
Member

@acoburn acoburn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Generally, I am very supportive of this change. I'd like to see the UMA-specific sections to be changed a bit. That might mean something like: "if using UMA, an RS MUST do ...". We don't want a hard dependency on UMA, but describing it as a viable pattern would be very good.

index.bs Outdated Show resolved Hide resolved
index.bs Outdated Show resolved Hide resolved
index.bs Outdated Show resolved Hide resolved
elf-pavlik and others added 2 commits January 7, 2022 07:26
@elf-pavlik @NSeydoux
Apply suggestions from code review
963a7f9 
Co-authored-by: Zwifi <contact@zwifi.eu>
@elf-pavlik @acoburn
Apply suggestions from code review
7872a59 
Co-authored-by: Aaron Coburn <acoburn@apache.org>
leifj
leifj reviewed Jan 10, 2022
View reviewed changes
index.bs Show resolved Hide resolved
@acoburn
Clarify UMA requirements
8a19057 
* Set UMA requirement as SHOULD
* Set OpenID profile as required for UMA servers
* Set WWW-Authenticate (as_uri) as MUST unless a
  different discovery mechanism is used
elf-pavlik
elf-pavlik commented Jan 12, 2022
View reviewed changes
Copy link
Member Author

@elf-pavlik elf-pavlik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

@elf-pavlik elf-pavlik merged commit 6151e62 into solid:main Jan 12, 2022
@elf-pavlik elf-pavlik deleted the as-sequence branch January 12, 2022 14:47
@elf-pavlik elf-pavlik mentioned this pull request Jan 20, 2022
Merged
@acoburn acoburn mentioned this pull request Apr 19, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@NSeydoux NSeydoux NSeydoux left review comments

@leifj leifj leifj left review comments

@acoburn acoburn acoburn approved these changes

Assignees
No one assigned
Labels
next Next version introducing RS associated AS
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@elf-pavlik @leifj @acoburn @NSeydoux