foundation-API
foundation-API copied to clipboard
buildingSMART
Shared elements in the diverse API standards
For the next major version, clients are required to send the `state` parameter. But servers are not required to fail a request that misses it. See also #40.
Here, we're listing two flows: https://github.com/buildingSMART/foundation-API#221-obtaining-authentication-information * `implicit_grant`, which has been effectively deprecated, or at least it's usage is heavily discouraged * `resource_owner_password_credentials_grant`, which never really was considered secure in...
Some OAuth2 / Open ID Connect providers require that clients include a `scope` parameter when requesting an access token. It looks like all CDE servers can add a default one...
See https://oauth.net/2/pkce/
As a client developer I want to present to which server I'm connected by displaying the server icon. The server could present the icon in a few standard sizes and...
As a service provider it is important to identify clients which consume an API and their version. Reason being, sometimes there are bad requests, buggy versions, deprecate old versions, etc....
Here is what [Foundation-API section 1.7](https://github.com/buildingSMART/foundation-API?tab=readme-ov-file#17-datetime-format) says: > 1.7 DateTime Format > DateTime values must be [rfc3339](https://datatracker.ietf.org/doc/html/rfc3339#section-5.6) compliant. > Examples: `2016-04-28T16:31:12Z` would represent _Thursday, April 28th, 2016, 16:31:12 (0ms) in...
