foundation-API
foundation-API copied to clipboard
buildingSMART
Shared elements in the diverse API standards
For the next major version, clients are required to send the `state` parameter. But servers are not required to fail a request that misses it. See also #40.
Here, we're listing two flows: https://github.com/buildingSMART/foundation-API#221-obtaining-authentication-information * `implicit_grant`, which has been effectively deprecated, or at least it's usage is heavily discouraged * `resource_owner_password_credentials_grant`, which never really was considered secure in...
Some OAuth2 / Open ID Connect providers require that clients include a `scope` parameter when requesting an access token. It looks like all CDE servers can add a default one...
See https://oauth.net/2/pkce/
As a client developer I want to present to which server I'm connected by displaying the server icon. The server could present the icon in a few standard sizes and...
As a service provider it is important to identify clients which consume an API and their version. Reason being, sometimes there are bad requests, buggy versions, deprecate old versions, etc....
