Closed dvorak42 closed 2 years ago
In general, I'd like to keep the keys and max-age fields separate.
However, there are things in a generic token model that need to be specified that we should consider:
Type could be -> Issuance Protocol
There seems to be a hierarchy of "things", including the scheme, issuance protocol, and issuance protocol details. It seems to make sense if we arrange things in the following way:
Ideally, also, the challenge is bound to the scheme, issuance protocol, and issuance protocol details, which would require some changes. Is this a useful framing?
Currently the issuer-key, token-key, and max-age are not versioned inside the WWW-Authenticate, meaning that either we need current parsing of a scheme to ignore unknown fields in the scheme challenge (the outermost layer defined in RFC 7235), or we have to introspect the challenge field to then figure out how to parse the outer keys/max-age fields, or we have to use a different scheme name whenever we want to change those.
One potential fix is to encapsulate the whole blob of data in an "outer" challenge structure:
Where abc/def are PATAuthenticateChallenge(s).
Additionally we can potentially rename TokenChallenge to get rid of the extra layering.
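The first of the three options above (parse the outer RFC 7235 auth-param list and ignore unknown fields) is what a forward-compatible client would do today. The parser below is an added example written for this page; it is not code from the thread, from the Privacy Pass drafts, or from any implementation referenced here. It assumes the outer parameter names mentioned in the discussion (challenge, token-key, issuer-key, max-age), treats everything else as an unknown field that is kept but not interpreted, and uses "PrivateToken" as the scheme name and a constructed header value purely for illustration. It also shows the comma ambiguity that makes this layer awkward: the same character separates challenges and auth-params, so a quoted value containing a comma must not split a challenge.

```python
"""Tolerant parser for WWW-Authenticate challenges in RFC 7235 auth-param form.

Added example, not from the thread or the Privacy Pass drafts. Field names
follow the discussion above; the scheme name "PrivateToken" and the sample
header are assumptions for illustration.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# RFC 7230 'token' and 'quoted-string', reused by RFC 7235 for auth-param.
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_QUOTED = r'"(?:[^"\\]|\\.)*"'
_AUTH_PARAM = re.compile(rf"({_TOKEN})[ \t]*=[ \t]*({_TOKEN}|{_QUOTED})")
_SCHEME = re.compile(rf"({_TOKEN})(?=[ \t,]|$)")
_WS_COMMA = re.compile(r"[ \t]*,[ \t]*")

# Outer parameter names taken from the discussion above (assumed set for the
# example). Anything else lands in Challenge.unknown and is ignored.
KNOWN_PARAMS = {"challenge", "token-key", "issuer-key", "max-age"}


@dataclass
class Challenge:
    scheme: str
    params: Dict[str, str] = field(default_factory=dict)   # fields we understand
    unknown: Dict[str, str] = field(default_factory=dict)  # kept, not interpreted


def _unquote(raw: str) -> str:
    """Strip quoted-string delimiters and resolve quoted-pair escapes."""
    if raw.startswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    return raw


def parse_www_authenticate(header: str) -> List[Challenge]:
    """Split a WWW-Authenticate field value into its challenges.

    ',' separates both list elements and auth-params, so (as RFC 7235 notes)
    an element of the form name=value continues the current challenge and a
    bare token starts a new one. Unknown param names are retained, not fatal;
    a duplicated name inside one challenge is rejected. token68 challenges
    (e.g. Negotiate blobs) are deliberately not supported here.
    """
    challenges: List[Challenge] = []
    current: Optional[Challenge] = None
    pos, end = 0, len(header)
    while pos < end:
        if header[pos] in " \t":
            pos += 1
            continue
        m = _WS_COMMA.match(header, pos)
        if m:                       # empty list elements are legal (1#rule)
            pos = m.end()
            continue
        m = _AUTH_PARAM.match(header, pos)
        if m and current is not None:
            name, value = m.group(1).lower(), _unquote(m.group(2))
            if name in current.params or name in current.unknown:
                raise ValueError(f"duplicate auth-param {name!r} in {current.scheme}")
            target = current.params if name in KNOWN_PARAMS else current.unknown
            target[name] = value
            pos = m.end()
            continue
        m = _SCHEME.match(header, pos)
        if m:
            current = Challenge(scheme=m.group(1))
            challenges.append(current)
            pos = m.end()
            continue
        raise ValueError(f"malformed WWW-Authenticate at offset {pos}: {header[pos:pos + 20]!r}")
    return challenges


def pick_token_challenge(challenges: List[Challenge], scheme: str) -> Optional[Challenge]:
    """Return the first challenge of `scheme` a client can act on.

    Unknown outer fields are ignored (forward compatible); a missing required
    field or a non-numeric max-age makes that challenge unusable, not the
    whole header.
    """
    for c in challenges:
        if c.scheme.lower() != scheme.lower():
            continue
        if "challenge" not in c.params or "token-key" not in c.params:
            continue
        max_age = c.params.get("max-age")
        if max_age is not None and not max_age.isdigit():
            continue
        return c
    return None


# Constructed sample: two PrivateToken challenges (the second carries a
# hypothetical future field, version-hint) plus an unrelated Basic challenge
# whose realm contains a comma. Values are placeholders, not real keys.
SAMPLE_HEADER = (
    'PrivateToken challenge="AAIA", token-key="MIIB", max-age=86400, '
    'PrivateToken challenge="AAIB", token-key="MIIC", issuer-key="abc", '
    'version-hint=2, Basic realm="a, b"'
)

if __name__ == "__main__":
    for ch in parse_www_authenticate(SAMPLE_HEADER):
        print(ch)
    print("selected:", pick_token_challenge(parse_www_authenticate(SAMPLE_HEADER), "PrivateToken"))
```

The split between `params` and `unknown` is the practical consequence of the versioning question raised above: with a flat outer layer, the only way to add or rename an outer field without a new scheme name is for existing clients to carry unknown fields through untouched, so the parser makes that explicit instead of treating them as errors.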