HeroicKatora/oxide-auth

Authorization Server Metadata

thhet opened this issue · 3 comments

Feature

One should be able to retrieve the server metadata (RFC 8414). A lot of clients depend on the server metadata.

It would be very helpful if "/.well-known/oauth-authorization-server" would return OAuth 2.0 metadata related to the authorization server and "/.well-known/openid-configuration" would return OpenID Connect metadata.

Example:
https://accounts.google.com/.well-known/openid-configuration

The library doesn't directly bind to any paths in the server and delivering a simple JSON structure doesn't seem complex. What value is added by integrating into the libraries instead of providing it separately?

I'm still struggling to understand the scope of this project. I have worked in the C# world with IdentityServer4 / Duende IdentityServer - in these frameworks you register the clients, the available scopes, flows etc. during the startup phase and the metadata (/.well-known/...) is generated by the framework based on the registrations.

This isn't a framework, it's a library enabling the sans-IO portion of OAuth, codifying those rules into some particular interfaces. It's really mainly the state machines described in the RFCs. Some trivial implementations to test those state machines, but most of it is left to your target environment and supplemental implementation. Everything on top would require more maintainers and programmers than available.
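
Added example, not part of the thread and not oxide-auth code: a std-only Rust sketch of how a client derives the two well-known URLs named in the issue from an issuer identifier, and the issuer check RFC 8414 requires before the returned metadata is trusted. All function names are hypothetical and `example.com` is a constructed issuer.

```rust
// Added example (hypothetical helper names, not oxide-auth API).

/// Split an issuer into (origin, path) and enforce the RFC 8414 section 2
/// rules for the issuer identifier: https scheme, no query, no fragment.
fn split_issuer(issuer: &str) -> Result<(&str, &str), &'static str> {
    let rest = issuer.strip_prefix("https://").ok_or("issuer must use https")?;
    if issuer.contains('?') || issuer.contains('#') {
        return Err("issuer must not contain a query or fragment");
    }
    let host_len = rest.find('/').unwrap_or(rest.len());
    if host_len == 0 {
        return Err("issuer has no host");
    }
    let (origin, path) = issuer.split_at("https://".len() + host_len);
    // A terminating "/" is removed before the well-known segment is added.
    Ok((origin, path.trim_end_matches('/')))
}

/// RFC 8414 section 3.1: the well-known segment is inserted between the
/// host and the issuer's path component.
fn oauth_metadata_url(issuer: &str) -> Result<String, &'static str> {
    let (origin, path) = split_issuer(issuer)?;
    Ok(format!("{}/.well-known/oauth-authorization-server{}", origin, path))
}

/// OpenID Connect Discovery: the well-known segment is appended after the
/// issuer's path component instead.
fn oidc_metadata_url(issuer: &str) -> Result<String, &'static str> {
    let (origin, path) = split_issuer(issuer)?;
    Ok(format!("{}{}/.well-known/openid-configuration", origin, path))
}

/// RFC 8414 section 3.3: the "issuer" member of the fetched document must be
/// identical to the issuer the URL was built from, or the data is not used.
fn check_metadata_issuer(expected: &str, returned: &str) -> Result<(), &'static str> {
    if expected == returned { Ok(()) } else { Err("issuer mismatch: reject metadata") }
}

fn main() {
    let issuer = "https://example.com/issuer1"; // constructed sample value
    println!("{}", oauth_metadata_url(issuer).unwrap());
    println!("{}", oidc_metadata_url(issuer).unwrap());
    println!("{:?}", check_metadata_issuer(issuer, "https://example.com/other"));
}
```

A server that publishes both documents for an issuer with a path component has to route both URL shapes, since the two specifications place the well-known segment differently.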