foundation-API icon indicating copy to clipboard operation
foundation-API copied to clipboard

Published 20 hours ago verified publisher icon buildingSMART

Support for Authorization Code with PKCE for section 2.2

Open venilillkall opened this issue 3 years ago • 1 comments

See https://oauth.net/2/pkce/

venilillkall avatar Jun 22 '21 07:06 venilillkall

Sep 25th 2023 / Group call discussion summary.

This issue can be addressed by removing the specific OAUTH features mentioned by the Foundation API spec and leave a generic requirement for the server to provide OAUTH certified implementations that require features supported by well-established and supported libraries available for clients to integrate.

Pasi raised a concerns that for clients this still leaves a risk that servers might diverge in their OAUTH requirements creating a difficulty for clients to have a single, standard authentication flow supported by all servers.

ykulbak avatar Sep 25 '23 09:09 ykulbak