-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add JSON document to spec #138
Conversation
I'm happy with the idea of having JSON, but this seems not backward compatible, i.e. it's not possible to serve metadata for both old and new implementations? Am I understanding correctly? |
It is in the sense that the old version would be at the client_uri...it just means a single app can't serve an HTML and a json version at the same URL. From the authorization server point of view....it should support the new way of learning information about the app... but it doesn't actually have to learn anything. |
But the apps currently are supposed to provide that in client_id, how can an app decide what format to use in client_id if auth server starts to expect JSON? |
The app should serve the JSON. Also, I'd expect the servers will fall back on HTML if JSON isn't returned for some time. My implementation does. |
That wouldn't work if the target server is not updated. And should the spec keep some info about fallback in that case for backward compat, as it does for |
If it isn't updated, it would be the equivalent of no html at all at the client id, which would only practically create an issue with displaying the consent page...it would show the URL but no name or image |
Yes, and it would be much more cryptic to user than the current no-metadata apps, as the URL would end with |
I used a short URL for my JSON client metadata documents, such as An authorization server can certainly look for the HTML microformats if the |
One other note for implementers, a client could use the old behavior of providing an HTML |
This adds a very simple version of the proposed switch to #133