Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

point implementers to OIDC in intro #151

Open
dickhardt opened this issue Jul 14, 2023 · 4 comments
Open

point implementers to OIDC in intro #151

dickhardt opened this issue Jul 14, 2023 · 4 comments
Assignees
@dickhardt
Milestone
version -13

Comments

@dickhardt
Copy link
Collaborator

No description provided.

@dickhardt dickhardt self-assigned this Jul 14, 2023
@aaronpk aaronpk added this to the version -10 milestone Jul 27, 2023
@arukiidou arukiidou mentioned this issue Aug 15, 2023
Closed
@aaronpk aaronpk modified the milestones: version -10, version -11 Jan 31, 2024
@dickhardt
Copy link
Collaborator Author

@aaronpk remind me what we were going to do here?

@aaronpk
Copy link
Member

aaronpk commented Dec 4, 2024

I think the idea was to at least mention that OIDC exists as a common extension of OAuth that is useful for user authentication

@aaronpk
Copy link
Member

aaronpk commented Dec 4, 2024

Update this paragraph:

OAuth is an authorization protocol, and is not an authentication protocol. The access token represents the authorization granted to the client. It is a common practice for the client to present the access token to a proprietary API which returns a user identifier for the resource owner, and then using the result of the API as a proxy for authenticating the user. This practice is not part of the OAuth standard or security considerations, and may not have been considered by the resource owner. Implementors should carefully consult the documentation of the resource server before adopting this practice.

@dickhardt
Copy link
Collaborator Author

dickhardt commented Dec 4, 2024
edited
Loading

OAuth is not authentication -- refer to OIDC for auth

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@dickhardt dickhardt

Labels
None yet
Projects
None yet
Milestone
version -13
Development

No branches or pull requests
2 participants
@aaronpk @dickhardt