I propose that we expand upon specific functionality provided by Identity
Providers (IdPs) and tasks handled by them.

To start with, there should be clear specifications for various
functionalities that IdPs provide such as:

- Email verification on registration
- Specifications regarding "forgot password" functionality
- Specifications regarding "reset password" functionality for users that
are logged in


These specifications only pertain to Identity Providers, and allow an
industry-wide set of rules that each Identity Provider must follow. The
purpose of doing so would be to standardize various frequently used and
implemented flows that are secure and widely reusable.



Some problems that would be addressed by these specifications would be:

- How to securely implement functionality where a user is sent a link to
verify their email address

- How to securely implement functionality where a user is sent a
verification code to verify their email address

- How to securely implement functionality where a user is sent a link to
reset their password

- How to securely implement functionality where a user is sent a
verification code to reset their password
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
