+1 On 19/02/16 23:59, Justin Richer wrote: > The newly-trimmed OAuth Discovery document is helpful and moving in the right > direction. It does, however, still have too many vestiges of its OpenID > Connect origins. One issue in particular still really bothers me: the use of > “/.well-known/openid-configuration” in the discovery portion. Is this an > OAuth discovery document, or an OpenID Connect one? There is absolutely no > compelling reason to tie the URL to the OIDC discovery mechanism. > > I propose that we use “/.well-known/oauth-authorization-server” as the > default discovery location, and state that the document MAY also be reachable > from “/.well-known/openid-configuration” if the server also provides OpenID > Connect on the same domain. Other applications SHOULD use the same parameter > names to describe OAuth endpoints and functions inside their service-specific > discovery document. > > — Justin > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
