schibsted / account-sdk-ios

⛔️ DEPRECATED SchibstedAccount SDK for iOS
MIT License

update X-OIDC for requests #83

Open aliak00 opened 6 years ago

aliak00 commented 6 years ago

So, ok, the x-oidc header should only be sent to endpoints that handle it, which is only oauth/token

And then only for grant types that are supported in the oauth service:

  - client_credentials, yes
  - authorization_code, not sure but think so
  - password, no
  - refresh_token, yes

New value: X-OIDC: v1 for the grants that are supported by oauth service.

joawan commented 6 years ago

authorization_code works, but you won't get back a refresh token, unless you specify scope=offline_access during the authorization flow.

Will need to look into how that is handled on things like account pages, and other flows.

aliak00 commented 6 years ago

Better to wait till oauth service supports everything before starting or this'll be a half implementation.

After implementation. Must make sure the following scenarios work:

  1. login -> visit profile pages -> go back to app -> logout
  2. create user -> validate link -> visit profile pages -> go back to app -> logout
  3. login -> refresh tokens -> visit profile pages -> go back to app -> logout