the-control-group / authx

An authentication & authorization platform for service-oriented architectures.
MIT License

Rewrite the OAuth2 API to make GraphQL requests #54

Open mike-marcacci opened 5 years ago

mike-marcacci commented 5 years ago

After considering the extension mechanism described in #52, it's become clear that instead of providing an additional API that uses models directly, this should instead make GraphQL requests to the AuthX server. This way we avoid bypassing any registered extensions (which will be applied at the GraphQL layer).

mike-marcacci commented 4 years ago

This will require us to add core support for an authorization header that contains client credentials and a refresh token...

mike-marcacci commented 4 years ago

As I've continued to think through the relationship between OAuth and AuthX, I have grown more confident that this is a solid strategy. We will need to come up with an appropriate scheme according to RFC7235, and then select (or create) a "root" authorization for the grant like we currently do for the oauth2 flow.