Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support pre-authorized code grant #225

Open
babisRoutis opened this issue Oct 24, 2024 · 0 comments
Open

Support pre-authorized code grant #225

babisRoutis opened this issue Oct 24, 2024 · 0 comments
Labels
feature New feature or request

Comments

@babisRoutis
Copy link
Contributor

Currently, the issuer supports only the authorization code grant, given that by design it has been implemented as a resource server that is protected by any of the shelf authorization server.

To support pre-authorized code grant, under the above constraints, the following would be needed:

  • Protect the issuer with two, possibly different, authorizations servers. One for authorization code grant and another for pre-authorized grant
  • Issuer will advertise both authorizations servers, via credential issuer metadata, authorizations_servers claim
  • Credential offers, would advertise the use of the first for grant authorization code & the second for pre-authorize code grant
  • Credential endpoint would support access_token issued by either authorization server

Implementation
There are two possible ways to implement the above.

  1. Create a minimal authorization server, exposing token endpoint and (authorization server) metadata and possibly token introspection endpoint
  2. Embed the above into the credential issuer
@babisRoutis babisRoutis added the feature New feature or request label Oct 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
feature New feature or request
Projects
None yet
Development

No branches or pull requests

1 participant