[Openid-specs-ab] Issue #1731: OpenID Connect Federation and OAuth metadata types (openid/connect)
Andrii Deinega
issues-reply at bitbucket.org
Fri Nov 18 21:33:35 UTC 2022
New issue 1731: OpenID Connect Federation and OAuth metadata types
https://bitbucket.org/openid/connect/issues/1731/openid-connect-federation-and-oauth
Andrii Deinega:
While the OpenID Connect Federation specification is mainly focused on OpenID Connect federations :) it allows defining new metadata types. The OAuth Authorization server and OAuth-protected resource metadata types will be good examples. Two things I don’t really understand are
1. how would an OAuth-protected resource in organization A know how to validate Bearer ATs issued by an AS in organization B of the same federation
2. now even if we deal with self-contained ATs which include all required information about the issuer (its federation entity id), why would an OAuth-protected resource in organization A ever rely on/trust scopes provided in ATs. OAuth authorization servers in organization A have their own policies on granting/providing scopes and permissions.
Please tell me what I’m missing.