ykulbak
commented
1 year ago Sep 25th 2023. See discussion on generalising OAUTH flows to avoid banning supported features on https://github.com/buildingSMART/foundation-API/issues/25 (same date).
Open GeorgDangl opened 3 years ago
ykulbak
commented
1 year ago Sep 25th 2023. See discussion on generalising OAUTH flows to avoid banning supported features on https://github.com/buildingSMART/foundation-API/issues/25 (same date).
Here, we're listing two flows: https://github.com/buildingSMART/foundation-API#221-obtaining-authentication-information
implicit_grant, which has been effectively deprecated, or at least it's usage is heavily discouragedresource_owner_password_credentials_grant, which never really was considered secure in scenarios where you did not control all services involvedThis was brought up in the meeting today, and we should just remove it from the spec completely.