Discussion · bonfire.social.coop

django

@django@social.coop · last week

deep dive into the oauth RFCs this morning ☕

#c2s

django

@django@social.coop · 7 days ago

I found and filed a bug in Pleroma Dynamic Client Registration code

https://git.pleroma.social/pleroma/pleroma/-/issues/3390

django

@django@social.coop · 7 days ago

Hacked away at C2S authorization in Fedbox with @mariusor 💪

django

@django@social.coop · 7 days ago

and just discovered @evan lovely oauth decision tree diagram

https://github.com/swicg/activitypub-api/issues/1#issuecomment-3708524521

Evan Prodromou

@evan@cosocial.ca · 7 days ago

@django the part I'm not sure of is the protected resource metadata. I think that's what you use to use SaaS authorization like Okta or Auth0, or if you use a separate server like Keycloak. So, it doesn't assume that the API server is the authorization server.

django

@django@social.coop · 7 days ago

@evan I see what you mean, I hadn’t considered a fedi server using a saas for auth.

An escrow from the decision tree focusing on discovery of the authorization server

django

@django@social.coop · 7 days ago

@evan there doesn't seem to be anything in rfc8414 that prevents a redirect to a different auth server.

I suppose the response could also be hardcoded remote urls for `registration_endpoint`, `authorization_endpoint` and `token_endpoint`
ditto for the actor.endpoints

1 more replies (not shown)

bonfire.social.coop

See https://wiki.social.coop and reach out to the TWG or CWG for more!

bonfire.social.coop: About · Code of conduct · Privacy ·

Bonfire social · 1.0.0-rc.1.25 no JS en

Automatic federation enabled