Added bearer/JWT support and OpenIdConnect #807
Conversation
|
@OAI/tdc Thoughts? |
| @@ -2974,10 +2974,13 @@ Supported schemes are basic authentication, an API key (either as a header or as | |||
| ##### Fixed Fields | |||
| Field Name | Type | Validity | Description | |||
| ---|:---:|---|--- | |||
| <a name="securitySchemeType"></a>type | `string` | Any | **Required.** The type of the security scheme. Valid values are `"basic"`, `"apiKey"` or `"oauth2"`. | |||
| <a name="securitySchemeType"></a>type | `string` | Any | **Required.** The type of the security scheme. Valid values are `"apiKey"`, `"http"`, `"oauth2"`, `"openIdConnect"`. | |||
There was a problem hiding this comment.
I'm going to assume openIdConnect you mean http://openid.net/connect/ ? Is that a generic protocol? Is it ok to use the name in the spec?
I'm wondering if there is a more generic term to describe it.
There was a problem hiding this comment.
The license to use/reference OpenID related works seems pretty unrestricted http://openid.net/specs/openid-connect-discovery-1_0.html#Notices
To be more generic we could have a IdentityProviderURL. OpenID provides both a WebFinger protocol and a .well-known URL for getting at the OpenID configuration. If other Identity Providers come along they would probably have their own "discovery" mechanism.
|
|
||
| ```json | ||
| { | ||
| "type": "scheme", |
| { | ||
| "type": "scheme", | ||
| "scheme" : "bearer", | ||
| "bearerFormat" : "JWT", |
There was a problem hiding this comment.
The bearerFormat may not be necessary, except to indicate that the token will be prefixed by the term Bearer when being passed to the client. More for documentation than anything.
|
"Shall we merge? Cha... Cha... Cha..." |
|
Now that this has been merged into the |
Added bearer/JWT support and OpenIdConnect
No description provided.