Commit
OIDC: Allow auth code flow and device flow (both without PKCE) as grants for `default_clients`. #410
m-mohr committed Aug 25, 2021
1 parent 2e6d17e commit 5a6dfd2
Showing 2 changed files with 6 additions and 3 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -13,6 +13,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- `create-form` to link to the registration page
- `recovery-form` to link to the credentials recovery page.
- `GET /me`: New Relation types `alternate` and `related` for user-specific external pages. [#404](https://github.com/Open-EO/openeo-api/issues/404)
- `GET /credentials/oids`: Allow `authorization_code` and `urn:ietf:params:oauth:grant-type:device_code` (both without PKCE) as grants for `default_clients`. [#410](https://github.com/Open-EO/openeo-api/issues/410)
- Recommendation to add media types and titles to links for a better user experience.
- Allow the relation type `canonical` to be used generally for (shared) resources (e.g. UDPs or batch jobs) without requiring Bearer authentication. [#405](https://github.com/Open-EO/openeo-api/issues/405)
- Recommendation for UDF runtime names. [#409](https://github.com/Open-EO/openeo-api/issues/409)
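Review bot: The added CHANGELOG entry names the endpoint `GET /credentials/oids`, which looks like a typo for `GET /credentials/oidc`, given the `OIDC:` prefix in the commit title and the OpenID Connect wording in the openapi.yaml hunk. Suggest correcting the path so the entry matches the endpoint name and can be found by searching for it.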
8 changes: 5 additions & 3 deletions openapi.yaml
Expand Up @@ -1897,24 +1897,26 @@ paths:
Allowed values:
- `implicit`: Implicit Grant as specified in [RFC 6749, sec. 1.3.2](https://www.rfc-editor.org/rfc/rfc6749.html#section-1.3.2)
- `authorization_code+pkce`: Authorization Code Grant as specified in [RFC 6749, sec. 1.3.1](https://www.rfc-editor.org/rfc/rfc6749.html#section-1.3.1), with PKCE extension.
- `urn:ietf:params:oauth:grant-type:device_code+pkce`: Device Authorization Grant (aka Device Code Flow) as specified in [RFC 8628](https://www.rfc-editor.org/rfc/rfc8628.html), with PKCE extension. Note that the combination of this grant with the PKCE extension is *not standardized* yet.
- `authorization_code` / `authorization_code+pkce`: Authorization Code Grant as specified in [RFC 6749, sec. 1.3.1](https://www.rfc-editor.org/rfc/rfc6749.html#section-1.3.1), with or without PKCE extension.
- `urn:ietf:params:oauth:grant-type:device_code` / `urn:ietf:params:oauth:grant-type:device_code+pkce`: Device Authorization Grant (aka Device Code Flow) as specified in [RFC 8628](https://www.rfc-editor.org/rfc/rfc8628.html), with or without PKCE extension. Note that the combination of this grant with the PKCE extension is *not standardized* yet.
- `refresh_token`: Refresh Token as specified in [RFC 6749, sec. 1.5](https://www.rfc-editor.org/rfc/rfc6749.html#section-1.5)
minItems: 1
uniqueItems: true
items:
type: string
enum:
- 'implicit'
- 'authorization_code'
- 'authorization_code+pkce'
- 'urn:ietf:params:oauth:grant-type:device_code'
- 'urn:ietf:params:oauth:grant-type:device_code+pkce'
- 'refresh_token'
redirect_urls:
type: array
description: |-
List of redirect URLs that are whitelisted by the OpenID Connect client.
Redirect URLs MUST be provided when the OpenID Connect client supports
the `implicit` or `authorization_code+pkce` authorization flows.
the Implicit Grant or the Authorization Code Grant (with or without PKCE extension).
uniqueItems: true
items:
type: string
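Review bot: The new `authorization_code` and `urn:ietf:params:oauth:grant-type:device_code` enum values are listed next to their `+pkce` counterparts, but the "Allowed values" description only says "with or without PKCE extension" and gives no guidance on which variant to pick when a default client offers both. Suggest adding a sentence to the description that clients SHOULD use the `+pkce` variant whenever it is listed and fall back to the plain grant only when it is not, since for the Authorization Code Grant PKCE (RFC 7636) is what protects the code against interception and the plain variant drops that protection. The `redirect_urls` description was updated to cover both Authorization Code variants, which is consistent with the enum change.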