oauth2-server icon indicating copy to clipboard operation
oauth2-server copied to clipboard

Published 20 hours ago verified publisher icon clouway

missing grants, production usage

Open froderick opened this issue 6 years ago • 1 comments

Hi,

Unless I'm missing something, it seems that not all the core spec grant types are supported. Are you interested in supporting these, and would you consider a pull request that implements them?

Also, is this implementation in production anywhere? If so, what kind of load has it seen? Have you considered a security audit?

Thanks.

froderick avatar Dec 16 '18 02:12 froderick

Adding of all grant types will add additional features to the library which is good to have but it should be optionally configurable by the apps. Will be happy to see PR in this direction.

Yes, it's used currently in production in clouWay for our clients. About the load I'm not sure that it's related to the library as the backend implementation of the interfaces takes significant part of the performance. In clouWay we are using the standard environment of google app engine which provides dynamic scaling of the instances and scalable datastore which makes it scalable enough for our needs.

The things are designed with certification in mind and the target is OpenID Connect: https://openid.net/certification/

mgenov avatar Dec 16 '18 05:12 mgenov