[Openid-specs-fastfed] Symmetry Question - Follow-up from previous meeting
Brian Rose
brian.rose at sailpoint.com
Fri Nov 22 18:41:44 UTC 2019
Hey all,
I think I failed to properly articulate my question on our call on Wednesday. I understand the symmetry discussed, but when attempting to put it into practice, I have run into some limitations (or needed clarifications) in the spec.
Here is the flow I am attempting (skipping some of the unimportant steps in this flow for brevity):
1. Governance Provider admin, when setting up a new application to be governed, clicks "Use FastFed to setup 'FastFed App To Be Governed'"
2. 'FastFed App To Be Governed' has its start endpoint called
3. 'FastFed App To Be Governed' posts signed JWT to Governance Provider's registration endpoint
4. Governance Provider responds back to 'FastFed App To Be Governed' with registration response (section 7.2.3.3). Here, the Governance Provider has the option to return provisioning metadata, but is unlikely to, given that it is not the app to be governed.
5. 'FastFed App To Be Governed' completes
6. Governance Provider creates a JWT-bearer.
7. Governance Provider does a POST to ??? to get the bearer token in order to call 'FastFed App To Be Governed' SCIM endpoints
Where does it POST it in order to get the bearer token? It has not received any payload that contains the oauth_metadata object. From what I can tell, there is nowhere in the spec that the symmetry in oauth_metadata occurs. I assume that the POST to the registration endpoint that comes from the 'FastFed App To Be Governed' (section 7.2.3.1) is the one that needs the "oauth_metadata" object.
I have some other things I have also found or have questions about that I'll send in another email to the list, but wanted to focus on this question individually.
Thanks,
Brian Rose
SailPoint