Re: [OAUTH-WG] OAuth2/OIDC for client-server mobile app

2017-01-27 Thread Dario Teixeira
ology used nowadays to provide this sort of Single Sign-On. All I'm looking for is documentation on how OIDC is actually implemented in this scenario. Best regards, Dario Teixeira ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailma

Re: [OAUTH-WG] OAuth2/OIDC for client-server mobile app

2017-01-27 Thread Dario Teixeira
There's an obvious problem with this scheme: there's no way for the NA to know when and if the authentication was successful. Did I miss something, or is this a known problem with the AppAuth scheme? Thanks again for your attention! Best regards, Dario Teixeira ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] OAuth2/OIDC for client-server mobile app

2017-01-26 Thread Dario Teixeira
list of OpenID Provider public keys on my server, which I would use to verify that the token was indeed signed by the OIP. Correct me if I'm wrong, but this also seems to be the recommended approach, right? Thanks again for your time! Best reg

Re: [OAUTH-WG] OAuth2/OIDC for client-server mobile app

2017-01-26 Thread Dario Teixeira
ies... Best regards, Dario Teixeira

Re: [OAUTH-WG] OAuth2/OIDC for client-server mobile app

2017-01-26 Thread Dario Teixeira
IDC is that not everyone uses the standard terminology.) Btw, I strongly suspect that AS stands for OAuth2's "Authorization Server". Is that correct? Best regards, Dario Teixeira

Re: [OAUTH-WG] OAuth2/OIDC for client-server mobile app

2017-01-26 Thread Dario Teixeira
ow durable this solution is. Suppose the OIDC Provider would change their signing key; my server would then falsely reject valid tokens unless it periodically checked for public key updates (or does this never/seldom happen?). Best regards, Dario Teixeira

Re: [OAUTH-WG] OAuth2/OIDC for client-server mobile app

2017-01-26 Thread Dario Teixeira
o throw a lot of jargon or non-standard terminology at them... Best regards, Dario Teixeira

[OAUTH-WG] OAuth2/OIDC for client-server mobile app

2017-01-25 Thread Dario Teixeira
like points 1 and 2 above. Therefore, if there is indeed such documentation, could someone please point me towards it? And if not, which would be the recommended route, 1 or 2? Thanks in advance for your attention! Best regards, Dario Teixeira