Open junglebarry opened 2 years ago
Looks like there's a few different use-cases.
client_id
is optional in the spec);client_id
is available).I can see why client_id
isn't required on that basis, but I'm still interested in how to fit this up against the multiple-clients-for-issuer model used by (e.g.) Canvas.
It makes sense to find the registration by issuer and client ID. However, Blackboard doesn't send the client ID initially, so you should be able to find the registration by issuer only. We use the following method signature in the class that implements the Database interface: public function find_registration($issuer, $clientID = ""){} If $clientID is provided, then it's used in the database query, otherwise ignored.
That makes a lot of sense - thank you!
We've been tinkering with this library, and noticed that the database of registrations is queried by issuer alone (
iss
from the JWT). However, for platforms like Canvas cloud, theiss
would be the same across all tenant instances, and the process of adding a tool to any individual instance would generate a newclient ID
.Should registrations be keyed by
<iss, clientId>
pairs, rather than byiss
alone?