Clarify difference between redirect_uris and interop:hasAuthorizationCallbackEndpoint #79

Open
michielbdejong opened this issue Mar 6, 2024 · 1 comment


@michielbdejong
Contributor

Both occur in e.g. https://github.com/janeirodigital/sai-js/blob/main/packages/css-storage-fixture/acme/projectron/id%24.jsonld

Is redirect_uris for OIDC and interop:hasAuthorizationCallbackEndpoint for other (data-related) OAuth scopes?

@elf-pavlik
Collaborator

We didn't want to overload OIDC redirect_uri, especially since currently, authn and authz are two independent flows with redirects. While we want to look at having a clear way to offer a combined experience, we might still want to have them available as separate flows.
There is also some relevant information in solid/specification#504 which also applies to on-device apps, specifically:

For the purpose of pure Authentication, I believe we should allow such server-side clients to authenticate independently from any of the end-users on whose behalf it can act. Of course, we still need to ensure that the client can act on behalf of the end user. For that, we step into delegation / client authorization (AuthZ).

Once we have defined VP/VC that represents client authorization, we probably don't need additional OIDC ID tokens, since both end-user identity and client identity would be available in this new credential.
