go-fed/apcore

Support OAuth2 dynamic client registration (RFC 7591)

cjslep opened this issue · 4 comments

Manually registering clients only makes sense for monolithic OAuth2 service providers that want to manage something like developer accounts. Since that's not what apcore apps are about, we need to support RFC 7591 OAuth 2.0 Dynamic Client Registration Protocol.

See go-oauth2/oauth2#167.

This is "done" for the first-party credentials.

AFAICS this is done by forking go-oauth2 and merging in remote tracking branch https://github.com/thegrumpylion/oauth2/tree/pkce

I looked at the Go-AP project Fedibox, and here they are using another OAuth2 project that may be a better candidate for apcore to use (more contributors, more forks, most recently updated, part of production-ready Kubernetes-friendly OpenShift distro). See:

Thanks! I will have to take a look at that.