DuendeSoftware / Support

Support for Duende Software products

Dynamic Client Registration and API registration #50

Closed No1e closed 2 years ago

No1e commented 2 years ago

Dear Duende Team,

A while ago, back in the days of IdentityServer 3, I implemented dynamic client registration. Here is what I implemented back then:

  1. Protected endpoints for management of registration info, which is comprised of a registration token and the software statement. The registration token would be needed in the process of client registration, with some nice features, like usage count. The software statement contains client scopes, grant type, along with other information. Both of those were in the form of JWT, and delivered together via E-Mail, in 3 shapes: base64 encoded string (to allow the user to copy paste and register), JSON file (to support automated registration of a large amount of mobile applications) and QR Code (to support scanning with barcode scanners or camera).
  2. Protected endpoint for dynamic client registration and deregistration. Here the client would need registration in the Authentication header with Bearer schema and in addition software statement, so that the IDP knows how to configure the client.

Since then, I didn't do anything in this field, so I unfortunately missed out on all your releases, starting from Identity Server 4. Those were very busy dev years. So, I am trying to catch up now.

Now, I want to do the same thing for Duende Identity server. In addition, I want to make something similar for API registration, to make it easier to create and configure API Scopes/Resources.

I have a couple of questions:

  1. I would like to support all signing algorithms, as you did, for access tokens. Is there any out-of-the-box helper class that I can use for JWT token creation/signing that you can recommend?
  2. I would like to extend information available at /.well-known/openid-configuration to include those additional endpoints for dynamic client registration and API registration. How can I do that?

P.S. The idea with API Resource to group Scopes is just wonderful, and it fits really nicely with the creation of registration infos. It makes the whole thing very end user friendly. Thank you for this nice feature.

Thank you and best regards, Novak
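The registration flow described in the post above, sketched as an added example that is not part of the original post and is not Duende or IdentityServer code: a Bearer registration token with a usage limit authorizes the call, and a signed software statement supplies the client configuration. HS256 with a shared key, the claim names (`use`, `jti`, `max_uses`, `software_id`, `grant_types`, `scope`), the in-memory counter and the `client_id` format are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(key: bytes, head: str, body: str) -> bytes:
    return hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()

def sign_jwt(claims: dict, key: bytes) -> str:
    # Compact HS256 JWT; stands in for the IdP's real signing service (assumption).
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_mac(key, head, body))}"

def verify_jwt(token: str, key: bytes, now: float) -> dict:
    # Returns the claims or raises ValueError; the algorithm is pinned, not chosen by the header.
    try:
        head, body, sig = token.split(".")
        alg = json.loads(_unb64(head))["alg"]
        claims = dict(json.loads(_unb64(body)))
        given = _unb64(sig)
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if alg != "HS256" or not hmac.compare_digest(_mac(key, head, body), given):
        raise ValueError("bad algorithm or signature")
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    return claims

USES = {}  # jti -> registrations performed so far (in-memory store, constructed)

def register_client(authorization: str, software_statement: str, key: bytes, now=None) -> dict:
    # The Bearer registration token authorizes the call; the statement configures the client.
    now = time.time() if now is None else now
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("Bearer scheme required")
    reg, stmt = verify_jwt(token, key, now), verify_jwt(software_statement, key, now)
    if reg.get("use") != "registration_token" or stmt.get("use") != "software_statement":
        raise ValueError("wrong token type")  # stops one JWT being replayed as the other
    jti, used = reg.get("jti"), USES.get(reg.get("jti"), 0)
    if "software_id" not in stmt or used >= reg.get("max_uses", 0):
        raise ValueError("incomplete statement or registration token exhausted")
    USES[jti] = used + 1
    return {"client_id": f"{stmt['software_id']}-{used + 1}",
            "grant_types": stmt.get("grant_types", []), "scope": stmt.get("scope", "")}
```

A missing `exp` or `max_uses` claim is treated as expired or exhausted, so an incomplete token fails closed.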

brockallen commented 2 years ago

Is there any helper out of box class that I can use for JWT token creation/signing that you can recommend

Have a look at how we did that in our DefaultTokenCreationService.

I would like to extend information available at /.well-known/openid-configuration to include those additional endpoints for dynamic client registration and API registration.

To customize the discovery document, you can extend our DiscoveryResponseGenerator class with your own.

No1e commented 2 years ago

Thank you!