Skip to content

Make token endpoint configurable and align with OIDC #292

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 3 commits into
base: develop
Choose a base branch
from
Draft

Make token endpoint configurable and align with OIDC #292

wants to merge 3 commits into from

Conversation

@mickenordin
Copy link
Collaborator

This patch makes the token endpoint configurable and anligns the request with the requirements with OIDC/OAUTH

@mickenordin
Make token endpoint configurable and align with OIDC
24b3858 
This patch makes the token endpoint configurable and
anligns the request with the requirements with OIDC/OAUTH

* https://www.rfc-editor.org/rfc/rfc6749.html#section-4.1
* https://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint

Signed-off-by: Micke Nordin <[email protected]>
@KrausMatthias
Copy link
Contributor

I think the schema of the token response is missing?

@mickenordin
Copy link
Collaborator Author

I think the schema of the token response is missing?

Should be here, right:

OCM-API/spec.yaml

Line 869 in 24b3858

TokenResponse:

@glpatcern
Copy link
Member

glpatcern commented Oct 29, 2025
edited
Loading

This looks good, don't we also want to explicitly say that the token endpoint is expected to be "just OIDC"? Or what would make it different from a vanilla OIDC token endpoint?

@mickenordin
Copy link
Collaborator Author

I think the difference is that there is supposed to be an authorize step before, that we skip, that is what will get you the refresh token.

glpatcern
glpatcern reviewed Oct 30, 2025
View reviewed changes
Copy link
Member

@glpatcern glpatcern left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK, I've added a sentence and another question. I guess some details will be cleared once we have a first implementation.

spec.yaml
redirect_uri:
type: string
description: URI to redirect to after the token is issued
example: https://receiver.org/ocm/callback
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess the callback is not required to be served from the /ocm "namespace", as it's a regular OIDC callback?

@mickenordin mickenordin marked this pull request as draft November 1, 2025 14:32
@mickenordin
Copy link
Collaborator Author

I think I/we need to look in to https://datatracker.ietf.org/doc/html/rfc6749 more, it feels unclear to me at this point, exactly which flow we should use.

mickenordin and others added 2 commits November 1, 2025 15:33
@mickenordin @glpatcern
Update spec.yaml
0de9604 
Co-authored-by: Giuseppe Lo Presti <[email protected]>
@mickenordin @glpatcern
Update IETF-RFC.md
4a4a41a 
Co-authored-by: Giuseppe Lo Presti <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@glpatcern glpatcern glpatcern left review comments

@MahdiBaghbani MahdiBaghbani Awaiting requested review from MahdiBaghbani

+1 more reviewer

@enriquepablo enriquepablo enriquepablo approved these changes

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@mickenordin @KrausMatthias @glpatcern @enriquepablo