aaronpk / oauth-first-party-apps

https://datatracker.ietf.org/doc/html/draft-parecki-oauth-first-party-apps

OIDC compatibility #3

Closed PieterKas closed 1 year ago

PieterKas commented 1 year ago

Would we need a second profile to use this with OpenID Connect? How do we expect an AS that supports both OAuth and OIDC to implement this endpoint?

Aaron - make sure this is possible without breaking anything.

George - provide some guidance on what behaviour we want. Get AS behaviour consistent to simplify native implementations (no AS specific code needed). One idea - use examples from OIDC in a non-normative way.

OmniAuth - maintains a list of providers their library supports.

Aaron - 2 classes of implementors. (1) proprietary (2) those using OIDC

aaronpk commented 1 year ago

Copy language from PAR:

Some examples of such extensions include Proof Key for Code Exchange (PKCE) [RFC7636], Resource Indicators [RFC8707], and OpenID Connect (OIDC) [OIDC].