solid-oidc
The repository for the Solid OIDC authentication specification.
Clients should be required to support `need_info` section of UMA2 to better meet authorization goals
As per the current [Solid-OIDC draft sec 9.1](https://solid.github.io/solid-oidc/#authorization-server-discovery): > Authorization Servers SHOULD implement User-Managed Access (UMA) 2.0 Grant for OAuth 2.0 Authorization [[UMA]](https://solid.github.io/solid-oidc/#biblio-uma). However, there's no equivalent of > clients...
As currently defined, Client ID Document MUST use normative JSON-LD `@context`, so it has to be compacted with it. Solid Storage doesn't guarantee that compaction is being preserved for RDF-Sources....
I understand that the terms "provider" and "issuer" are brought forward from other specs and the context in which they are used matters. The Solid-OIDC spec may further benefit from...
> When a Client Identifier is dereferenced, the resource MUST be serialized as an application/ld+json document unless content negotiation requires a different outcome. Why does Client configuration data have to...
Requested by @namedgraph in https://gitter.im/solid/authentication-panel?at=632c12a7f4d7a323dee54c94. The conversation includes details of two small sequences which need to be made alt/opt based on what the end-user entered on the client. Mermaid supports...
Currently, the spec doesn't say anything about CORS: clients may not configure CORS for their identifiers, preventing cross-domain requests to this document. The main use case for the client identifier...
The client-provided metadata should be consistent if they are provided either through Dynamic Client Registration or dereferencing the Client Identifier. In particular, the default values for the scope should be...
I was looking to find the version at which the solid:OIDCIsueer triple became mandatory in a user's pod, to reference that change, but there are no versions of this protocol....
Recent DPoP spec updates introduce some changes that could be relevant for Solid-OIDC. I'd suggest that we update the DPoP-related parts of the spec and the primer in order to...
11.2. Client IDs: > Implementors SHOULD expire ephemeral Client IDs that are kept in server storage to mitigate the potential for a bad actor to fill server storage with unexpired...