You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, the issuer supports only the authorization code grant, given that by design it has been implemented as a resource server that is protected by any of the shelf authorization server.
To support pre-authorized code grant, under the above constraints, the following would be needed:
Protect the issuer with two, possibly different, authorizations servers. One for authorization code grant and another for pre-authorized grant
Issuer will advertise both authorizations servers, via credential issuer metadata, authorizations_servers claim
Credential offers, would advertise the use of the first for grant authorization code & the second for pre-authorize code grant
Credential endpoint would support access_token issued by either authorization server
Implementation
There are two possible ways to implement the above.
Create a minimal authorization server, exposing token endpoint and (authorization server) metadata and possibly token introspection endpoint
Embed the above into the credential issuer
The text was updated successfully, but these errors were encountered:
Currently, the issuer supports only the authorization code grant, given that by design it has been implemented as a resource server that is protected by any of the shelf authorization server.
To support pre-authorized code grant, under the above constraints, the following would be needed:
authorizations_servers
claimaccess_token
issued by either authorization serverImplementation
There are two possible ways to implement the above.
The text was updated successfully, but these errors were encountered: