Review #1

Open
2 of 4 tasks
peppelinux opened this issue Nov 20, 2023 · 0 comments

peppelinux commented Nov 20, 2023

  • The proposed solution assumes that the interaction starts with the client interacting with the server without a nonce. As a result, an error code is returned with the nonce endpoint details and the client is then expected to interact with the nonce endpoint, obtain a new nonce, and then retry the request with the nonce.

  • The document should describe a flow that would allow the client to initially go directly to the nonce endpoint to obtain a nonce before contacting the server, to avoid the error case. (see: added nonce request sequence diagram #15)

  • The document should describe a flow that would allow a valid response to a request with a valid nonce to return a new nonce that could be used with subsequent requests to avoid the need for a new request to the nonce endpoint, as an optimization to reduce latency in load situations.

  • The document should also add this new endpoint to the "OAuth Authorization Server Metadata" registry. (See: feat: metadata registration #16)

peppelinux self-assigned this Feb 4, 2024
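The three flows discussed in the review (error first, nonce endpoint first, and a new nonce returned with each valid response), compared by round-trip count in an added example that is not part of the issue or of the reviewed document. The `Server` class, the `nonce_required` error value, the `/nonce` path and the `next_nonce` field are hypothetical names chosen for illustration.

```python
import secrets

class Server:
    """In-memory stand-in for the server and its nonce endpoint (hypothetical API)."""

    def __init__(self):
        self.unused = set()    # nonces issued and not yet consumed
        self.round_trips = 0   # each call to either endpoint is one round trip

    def _issue(self):
        nonce = secrets.token_urlsafe(16)
        self.unused.add(nonce)
        return nonce

    def nonce_endpoint(self):
        self.round_trips += 1
        return self._issue()

    def request(self, nonce=None, rotate=False):
        self.round_trips += 1
        if nonce not in self.unused:
            # Missing, unknown or replayed nonce: error that names the nonce endpoint.
            return {"error": "nonce_required", "nonce_endpoint": "/nonce"}
        self.unused.discard(nonce)  # single use, so a replay is rejected
        resp = {"ok": True}
        if rotate:
            resp["next_nonce"] = self._issue()  # fresh nonce piggybacked on the response
        return resp

def nonce_first(server, n):
    """Flow 2: fetch a nonce before every request, so no error case occurs."""
    for _ in range(n):
        if "error" in server.request(server.nonce_endpoint()):
            raise RuntimeError("fresh nonce rejected")
    return server.round_trips

def error_first(server, n):
    """Flow 1: the first call carries no nonce; the client recovers via the error."""
    if "error" not in server.request():
        raise RuntimeError("request without nonce was accepted")
    return nonce_first(server, n)

def rotating(server, n):
    """Flow 3: one nonce fetch, then each valid response supplies the next nonce."""
    nonce = server.nonce_endpoint()
    for _ in range(n):
        nonce = server.request(nonce, rotate=True)["next_nonce"]
    return server.round_trips
```

For three requests the flows cost 7, 6 and 4 round trips respectively, and a nonce presented a second time is rejected in all of them.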