Closed adeinega closed 1 year ago
The OpenID Connect Client-Initiated Backchannel Authentication Flow - Core 1.0 specification allows using the HTTP long polling mechanism against the OAuth2 token endpoint in somewhat similar circumstances. I had some spare time to research this topic a bit more deeply and don't have a good answer on how it was possible for me to have the above-mentioned specification out of sight.
Again, it would be such a great thing to have a bit more instant notification mechanism in the specification core, I mean, not in its extensions or in one or another out-of-band/vendor-specific solution.
It's a continuation of the discussion started in https://github.com/ietf-wg-gnap/gnap-core-protocol/pull/388#issuecomment-1049243339, which I would like to track as a separate issue.
If we want to have that then
I think it could be a great addition to this specification. Furthermore, take a look at Poll-Based Security Event Token (SET) Delivery Using HTTP (RFC 8936) and how they leverage the HTTP long polling mechanism.