The service registry doesn’t help applications discover services that require authorization. Including information about authorization servers and required scopes could make service info and registries able to facilitate immediate access after service discovery.
Currently, service-info does not incorporate standardized Auth information about the service (e.g. auth mechanism, auth server location, etc.), meaning clients must rely on different out-of-band mechanisms to learn how to authenticate to various services. service-info should allow for standardized auth metadata, informing clients of how to authenticate in a consistent manner
From the FASP API Feedback
Currently,
service-infodoes not incorporate standardized Auth information about the service (e.g. auth mechanism, auth server location, etc.), meaning clients must rely on different out-of-band mechanisms to learn how to authenticate to various services.service-infoshould allow for standardized auth metadata, informing clients of how to authenticate in a consistent manner