Need a non-normative example showing how the AS extends the spec to make it all work

aaronpk / oauth-first-party-apps

https://datatracker.ietf.org/doc/html/draft-parecki-oauth-first-party-apps

Other

10 stars 8 forks source link

Need a non-normative example showing how the AS extends the spec to make it all work #14

Closed gffletch closed 1 year ago

gffletch commented 1 year ago

I think we will need more clarity on how an AS can leverage this spec to produce a fully working flow. There are statements like... "the AS MAY define additional parameters" but the reality is the AS MUST define additional parameters to make a concrete flow work. In that sense I think we need to make that more clear.

aaronpk commented 1 year ago

We can add an appendix section describing how an AS could build a concrete implementation of this. Could reference the appendix from the main part of the spec as an example of how this could look.

In any case, we want to make sure it's clear that this is not the "default" implementation we expect, so doing it as an appendix will avoid that confusion.

aaronpk commented 1 year ago

I think this might be covered by the examples created for #15