Hi, I agree that the use of “/.well-known/openid-configuration” is confusing and that it would be preferable with something else, but it is written as an example, not necessarily a default.
However, to use “/.well-known/oauth-authorization-server” might be problematic if, as written, different applications need different content in the discovery endpoint. (3. Obtaining Authorization Server Discovery Metadata)

//Samuel

On Fri, Feb 19, 2016 at 10:59 PM, Justin Richer <jric...@mit.edu> wrote:
> The newly-trimmed OAuth Discovery document is helpful and moving in the
> right direction. It does, however, still have too many vestiges of its
> OpenID Connect origins. One issue in particular still really bothers me:
> the use of “/.well-known/openid-configuration” in the discovery portion. Is
> this an OAuth discovery document, or an OpenID Connect one? There is
> absolutely no compelling reason to tie the URL to the OIDC discovery
> mechanism.
>
> I propose that we use “/.well-known/oauth-authorization-server” as the
> default discovery location, and state that the document MAY also be
> reachable from “/.well-known/openid-configuration” if the server also
> provides OpenID Connect on the same domain. Other applications SHOULD use
> the same parameter names to describe OAuth endpoints and functions inside
> their service-specific discovery document.
>
> — Justin
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth