Closed michielbdejong closed 2 weeks ago
When adding an RH to an AS, if there is a .well-known mechanism, you still need to specify the FQDN of the RH, e.g. helper.drive.surf.nl
So then I think it's just a small step to specify the full https://helper.drive.surf.nl/scope-info
URL? Unless there are several URLs to configure, or they change frequently, I think the gain from a .well-known mechanism is not so big.
Also, for OIDC the .well-known mechanism is used each time a user logs in (potentially thousands of times per day), and this one would only be used once in the lifetime of the AS-RH relationship
I found OAuth Discovery and ./well-known/uma2-configuration
- maybe we should just propose a field scope_info
as an addition to this list.
Today we talked about creating a
/.well-known/resource-helper
document where the scope info endpoint of a Resource Helper can be discovered. But https://datatracker.ietf.org/doc/html/rfc7662 says:So maybe we should leave it out of scope here as well then?