https://njwatson32.github.io/as-metadata-client-id/draft-watson-oauth-as-metadata-client-id.html
I've written up a quick draft on supporting a client_id parameter on AS Metadata, which would allow the AS to (1) do gradual rollouts of AS metadata changes client by client and (2) customize metadata if necessary (e.g. for clients participating in beta programs of upcoming drafts). AS can also choose to ignore the client_id parameter completely and continue serving a statically cached global AS metadata file. I had this idea recently when implementing support for 9207 (iss parameter) and running into poorly behaved clients handling these updates badly. The draft I'm proposing would have allowed me to avoid making global changes to AS metadata, and even do a synchronized rollout of returning `iss` from the authorization endpoint and declaring authorization_response_iss_parameter_supported. Let me know what you all think. Nick PS: I've also proposed the "reverse" of this for CIMD in this issue <https://github.com/oauth-wg/draft-ietf-oauth-client-id-metadata-document/issues/78> . -- Nick Watson | Software Engineer | [email protected] | (781) 608-3352
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
