[Openid-specs-ab] Handling IdP-specific information in AppAuth

William Denniss wdenniss at google.com
Mon Mar 6 02:38:16 UTC 2017


Recently there's been interest from other IdPs in adding samples and/or
configuration information into AppAuth, alongside the current samples.

There were also comments that AppAuth was too "Google focused", for example
by listing the Google issuer in the sample.  It was *never* the intent
of the library to be Google focused (quite the opposite in fact), but since
we were the first provider to support the pattern, and because the example
& docs were written by Google engineers, some Google-specific info was
added to the examples (but never the core library).

To resolve both of these issues, I'm proposing the following:

   1. All current and future examples in AppAuth will be generic. This is a
   standards library after all, so there's no reason every sample shouldn't
   work with every provider. If you want to add a new sample for us all to
   use, fantastic! But it shouldn't be specific to your own IdP – those belong
   in your own repositories.  An implication of this is that all
   Google-related information (like the Google issuer) will be removed from
   current samples.

   2. Since every IdP has its own registration and configuration quirks,
   and to cater for the desire to have IdP-specific information in the
   repository as a convenience for developers, *qualified providers* will
   be entitled to commit a README-provider.md file into the Examples directory
   with their own instructions.  This is where IdP-specific information now
   belongs, and is in the form of instructions only (not source code, though
   it may contain code samples).

A "qualified provider" needs to meet two requirements:

   - Be OpenID Connect certified <http://openid.net/certification/>.
   - Support the OAuth for Native Apps BCP (i.e., pass this checklist
   <https://tools.ietf.org/html/draft-ietf-oauth-native-apps-08#appendix-A>
   ).


This pull request <https://github.com/openid/AppAuth-iOS/pull/80> in
AppAuth for iOS and macOS applies the above principles to the iOS and macOS
library, moving all Google-specific information into a file named
"README-Google.md".  The same work is currently being done in AppAuth for
Android with a PR coming soon.

Thank you to everyone who has expressed interest in collaborating on
AppAuth! On behalf of the team, I'd like to welcome all other qualified
providers to submit a pull request with your own configuration instructions!

Best,
William