Christian Smith
There's a standard-readme section stubbed out for security considerations. We need to brainstorm a bit and identify the topics that need to be covered here. This section shouldn't eclipse the...
We need to support the OpenID Connect `acr` claim and `acr_values` authorization parameter throughout Anvil Connect. Following is a list of references to the `acr` claim in the [OIDC Core](http://openid.net/specs/openid-connect-core-1_0.html)...
Anvil Connect currently logs with [bucker](https://github.com/nlf/bucker). There's been some discussion about replacing it with [bunyan](https://github.com/trentm/node-bunyan) for a variety of reasons. Here's some background: - [Write Logs for Machines, use JSON](https://journal.paul.querna.org/articles/2011/12/26/log-for-machines-in-json/)...
At present we have a pretty good handle on OAuth 2.0 and OpenID Connect. Our in the near future will be centered around OIDC certification and achieving 100% implementation. Along...
> In some cases, the login flow is initiated by an OpenID Provider or another party, rather than the Relying Party. In this case, the initiator redirects to the RP...
We should seriously consider implementing the JSON Patch RFC for all PATCH endpoints, including `PATCH /userinfo` and the relevant parts of the REST API. http://tools.ietf.org/html/rfc6902
If no `client_default_scope` is defined and no `scope` param is provided in the request, the server will fail.
> AccountChooser is a facility where users can store basic identifying information for accounts that they use for signing in to Web sites (Sites). Once stored, users are able to...
http://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests