Closed appsdesh closed 10 months ago
@atultulshi @timcappalli @FragLegs I came across OAuth 2.0 Protected Resource Metadata and it would make more sense to not stuff OAuth properties in the SSF metadata.
This spec suggests having a separate per protected resource metadata for the OAuth server.
Use
scopes_supported
key in transmitter metadata to align with RFC8414Resolves issue #95