oauth-wg/oauth-transaction-tokens

Define discovery metadata for support of the Transaction Token functionality

gffletch opened this issue · 1 comment

Should we add to the spec a mechanism for a client to discover if the AS has support for the transaction token profile of the token-exchange endpoint? Or do we need to define a new .well-known location for the Transaction Token Service?

Notes from call on 06-14-24

  • (George) Discovery by an external client may not be useful, but for internal clients, it might be important. We could chain it out of the AS, because we would expect services to know where the AS is.
  • (Atul) Can we do a 401 response with the location of the TTS?
  • (Pieter) Agree that external clients don't need to discover the TTS. Discovery is useful for internal clients. Can we do resource metadata?
  • (George) One way is to add a new URL to the AS metadata. We should discuss this in Vancouver.
  • (Atul, Pieter) Can we use OPRM?
  • (Pieter) The flow is going to be different because it assumes OAuth access tokens.