Support .well-known/oauth-authorization-server from RFC 8414 #24099
Comments
Mastodon uses Doorkeeper and it's supported there: doorkeeper-gem/doorkeeper-openid_connect#152 (See also https://gitlab.com/gitlab-org/gitlab/-/issues/233956 which made that happen)
Specifically a reference implementation is at: https://github.com/doorkeeper-gem/doorkeeper-openid_connect/blob/master/app/controllers/doorkeeper/openid_connect/discovery_controller.rb But we wouldn't necessarily want to use doorkeeper-openid_connect, as Mastodon is only an OAuth 2.0 provider, not an OIDC provider.
I've offered to implement this in doorkeeper, but haven't received a reply: doorkeeper-gem/doorkeeper#1587
Okay, given that I've received no response from the Doorkeeper team in 2 months, and the sheer amount that having this implemented would make it easier to develop API-consuming applications that request the lowest scopes of data possible, I think the path forwards would be to just implement this API endpoint directly in the Mastodon codebase, based on the code from this comment: #24099 (comment)
@saschanaz this can be closed as completed as of 4.3, since #29191 has landed for that release.
Nice, I can confirm it's supported now 👍
Pitch
Implement .well-known/oauth-authorization-server as a way to tell the clients about the OAuth server configuration, e.g. about the URLs of endpoints. https://datatracker.ietf.org/doc/html/rfc8414
Motivation
A client software may want to support various other server software in addition to Mastodon, and in that case it's easier to have a metadata endpoint for the server configuration so that it doesn't have to manage the hardcoded list of configurations for each.
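The client side of the discovery requested above, as an added example that is not part of the original issue or of Mastodon's or Doorkeeper's code: it builds the RFC 8414 metadata URL from an issuer, rejects a document whose `issuer` does not match (RFC 8414 section 3.3), and narrows requested scopes to those the server advertises. The host `mastodon.example`, the sample document, the helper names and the https-only endpoint rule are assumptions made for the example.

```ruby
require 'json'
require 'uri'

class MetadataError < StandardError; end

# Constructed sample response; host, paths and scope list are made up for the example.
SAMPLE_METADATA = <<~JSON
  {
    "issuer": "https://mastodon.example",
    "authorization_endpoint": "https://mastodon.example/oauth/authorize",
    "token_endpoint": "https://mastodon.example/oauth/token",
    "scopes_supported": ["read", "read:statuses", "write", "push"]
  }
JSON

# RFC 8414 section 3: the well-known segment goes between host and path.
def metadata_url(issuer)
  uri = URI.parse(issuer)
  raise MetadataError, 'issuer must be an https URL' unless uri.is_a?(URI::HTTPS)
  raise MetadataError, 'issuer must not have a query or fragment' if uri.query || uri.fragment
  port = uri.port == 443 ? '' : ":#{uri.port}"
  "https://#{uri.host}#{port}/.well-known/oauth-authorization-server#{uri.path.chomp('/')}"
end

# RFC 8414 section 3.3: discard the document unless its issuer is identical
# to the issuer the URL was built from.
def parse_metadata(issuer, body)
  doc = JSON.parse(body)
  raise MetadataError, 'metadata is not a JSON object' unless doc.is_a?(Hash)
  raise MetadataError, 'issuer mismatch' unless doc['issuer'] == issuer
  # Assumption: this client needs both endpoints and refuses non-https ones.
  %w[authorization_endpoint token_endpoint].each do |key|
    raise MetadataError, "#{key} missing" unless doc[key].is_a?(String)
    raise MetadataError, "#{key} is not https" unless URI.parse(doc[key]).is_a?(URI::HTTPS)
  end
  doc
end

# Keep only the wanted scopes the server advertises.
def minimal_scopes(doc, wanted)
  wanted & Array(doc['scopes_supported'])
end
```

A real client would fetch `metadata_url(issuer)` over TLS and pass the response body to `parse_metadata` before using any endpoint from it.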