Conversation

@mickenordin
Collaborator

This patch makes the token endpoint configurable and aligns the request with the requirements of OIDC/OAUTH

@KrausMatthias
Contributor

I think the schema of the token response is missing?

@mickenordin
Collaborator Author

> I think the schema of the token response is missing?

Should be here, right:

TokenResponse:

@glpatcern
Member

glpatcern commented Oct 29, 2025

This looks good, don't we also want to explicitly say that the token endpoint is expected to be "just OIDC"? Or what would make it different from a vanilla OIDC token endpoint?

@mickenordin
Collaborator Author

I think the difference is that there is supposed to be an authorize step before, that we skip, that is what will get you the refresh token.

Member

@glpatcern glpatcern left a comment

OK, I've added a sentence and another question. I guess some details will be cleared once we have a first implementation.

@mickenordin mickenordin marked this pull request as draft November 1, 2025 14:32
@mickenordin
Collaborator Author

I think I/we need to look into https://datatracker.ietf.org/doc/html/rfc6749 more, it feels unclear to me at this point, exactly which flow we should use.

@mickenordin mickenordin changed the title Make token endpoint configurable and align with OIDC Make token endpoint configurable and align with OAUTH Nov 5, 2025
@mickenordin mickenordin requested a review from glpatcern November 5, 2025 18:09
@mickenordin mickenordin marked this pull request as ready for review November 5, 2025 18:09
@mickenordin
Collaborator Author

Ok, I think my understanding is clearer now. I have aligned with OAUTH, but just enough so we might get away with outsourcing the token handling to preexisting oauth libraries without imposing things that are not needed for server to server interactions.

@mickenordin mickenordin force-pushed the kano-auth-code branch 4 times, most recently from ef3f5c1 to aa72291 Compare November 5, 2025 19:14
This patch makes the token endpoint configurable and
aligns the request with OAUTH

* https://www.rfc-editor.org/rfc/rfc6749.html#section-4.1

Co-authored-by: Giuseppe Lo Presti <[email protected]>

Signed-off-by: Micke Nordin <[email protected]>
Member

@glpatcern glpatcern left a comment

Great work Micke, this looks very promising. I have a couple of remaining questions

Member

@glpatcern glpatcern left a comment

If you're happy with my additional change, this can be merged.

I have a further question but I'll open a separate issue for that.

@mickenordin mickenordin merged commit 5432b8b into develop Nov 7, 2025
4 checks passed
@mickenordin mickenordin deleted the kano-auth-code branch November 7, 2025 12:22