justinwb
commented
3 years ago This makes a lot of sense - noting that we'll want to use https://solidproject.org/TR/
Closed acoburn closed 3 years ago
justinwb
commented
3 years ago This makes a lot of sense - noting that we'll want to use https://solidproject.org/TR/
Given that a Solid app may interact with any number of identity providers, there should be a mechanism by which the app can determine whether the IdP conforms to the Solid-OIDC specification.
This would affect whether an app can send an external client webid as a
client_idas part of the authorization code flow or whether the app needs some other mechanism for identifying the client registration (e.g. dynamic client registration)Typically, OIDC discovery happens at the
/.well-known/openid-configurationresource. And per section 4.2 of OpenID Connect Discovery, "other claims MAY also be returned".I would like to suggest that we add a section to this specification related to discovery such that a conforming Solid-OIDC identity provider indicates to clients that it conforms to the Solid-OIDC spec.
For example, the JSON response to
/.well-known/openid-configurationcould include this key, indicating which specification is supported:My main concern here is having a mechanism for a client to discovery whether the IdP can be used for Solid-OIDC negotiation. I am open to better ideas about the key/value pair used in the discovery document.