+1 On Fri, Feb 19, 2016 at 9:28 PM, Vladimir Dzhuvinov <vladi...@connect2id.com > wrote:
> +1 > > On 19/02/16 23:59, Justin Richer wrote: > > The newly-trimmed OAuth Discovery document is helpful and moving in the > right direction. It does, however, still have too many vestiges of its > OpenID Connect origins. One issue in particular still really bothers me: > the use of “/.well-known/openid-configuration” in the discovery portion. Is > this an OAuth discovery document, or an OpenID Connect one? There is > absolutely no compelling reason to tie the URL to the OIDC discovery > mechanism. > > > > I propose that we use “/.well-known/oauth-authorization-server” as the > default discovery location, and state that the document MAY also be > reachable from “/.well-known/openid-configuration” if the server also > provides OpenID Connect on the same domain. Other applications SHOULD use > the same parameter names to describe OAuth endpoints and functions inside > their service-specific discovery document. > > > > — Justin > > _______________________________________________ > > OAuth mailing list > > OAuth@ietf.org > > https://www.ietf.org/mailman/listinfo/oauth > > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
