Update 'README.md'
This commit is contained in:
parent
48a9b6f049
commit
d118b4078b
46
README.md
46
README.md
|
@ -77,7 +77,7 @@ Just a quick intro to vocabulary that will be explained more thoroughly later on
|
||||||
|
|
||||||
### Scopes
|
### Scopes
|
||||||
|
|
||||||
Scopes are federated schemas. Any issuer may act as the agent of the subject to authorize any azp for any audience. To make this possible scopes are defined as `<<schema>>@<<domain.tld>>` (i.e. dns@oauth3.org) and can be discovered as `https://aud.tld/.well-known/scopes@oauth3.org/<<schema>>@<<domain.tld>>.json`.
|
Scopes are federated schemas. Any issuer may act as the agent of the subject to authorize any azp for any audience. To make this possible scopes are defined as `{schema}@{domain.tld}` (i.e. dns@oauth3.org) and can be discovered as `https://aud.tld/.well-known/scopes@oauth3.org/{schema}@{domain.tld}.json`.
|
||||||
|
|
||||||
Examples of well-known scope-schemas:
|
Examples of well-known scope-schemas:
|
||||||
|
|
||||||
|
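Review bot: the new `{schema}@{domain.tld}` placeholder form used in the scope definition and the discovery URL `https://aud.tld/.well-known/scopes@oauth3.org/{schema}@{domain.tld}.json` is easy to mistake for literal braces, which are not valid unescaped URL characters; add one sentence near the top of the README stating that `{...}` marks a value to be substituted. While touching this line, "i.e. dns@oauth3.org" should read "e.g. dns@oauth3.org", since `dns@oauth3.org` is one example of a scope rather than a restatement of the form.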
@ -189,11 +189,11 @@ Example **discovery url**:
|
||||||
```
|
```
|
||||||
https://smithfam.net/.well-known/oauth3/#/
|
https://smithfam.net/.well-known/oauth3/#/
|
||||||
?action=directives
|
?action=directives
|
||||||
&state=<<state>>
|
&state={state}
|
||||||
&redirect_uri=<<encodeURIComponent("https://azp.tld/.well-known/oauth3/callback.html#/")>>
|
&redirect_uri={encodeURIComponent("https://azp.tld/.well-known/oauth3/callback.html#/")}
|
||||||
&response_type=rpc
|
&response_type=rpc
|
||||||
&_method=GET
|
&_method=GET
|
||||||
&_pathname=<<encodeURIComponent(".well-known/oauth3/directives.json")>>
|
&_pathname={encodeURIComponent(".well-known/oauth3/directives.json")}
|
||||||
&debug=false
|
&debug=false
|
||||||
```
|
```
|
||||||
|
|
||||||
|
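Review bot: `_method=GET` together with `_pathname={encodeURIComponent(".well-known/oauth3/directives.json")}` lets the azp name the issuer path it wants fetched under `response_type=rpc`, but nothing in this example says what the issuer accepts; document that `_pathname` is resolved relative to the issuer's origin and that the issuer should only answer for the `.well-known/oauth3/` documents over this channel. Minor: `&state={state}` gives no hint of where the value comes from, whereas the authorization dialog example writes `{OAUTH3.utils.randomState()}`; use the same wording here so readers see that `state` is azp-generated and unguessable.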
@ -209,9 +209,9 @@ The `redirect_uri` in our example was specified as `https://azp.tld/.well-known/
|
||||||
|
|
||||||
```
|
```
|
||||||
https://azp.tld/.well-known/oauth3/callback.html#/
|
https://azp.tld/.well-known/oauth3/callback.html#/
|
||||||
?state=<<params.state>>
|
?state={params.state}
|
||||||
&directives=<<OAUTH3._base64.encodeUrlSafe(JSON.stringify(directives))>>
|
&directives={OAUTH3._base64.encodeUrlSafe(JSON.stringify(directives))}
|
||||||
&debug=<<params.debug>>
|
&debug={params.debug}
|
||||||
```
|
```
|
||||||
|
|
||||||
This url replaces the current window (currently loaded at the discovery url).
|
This url replaces the current window (currently loaded at the discovery url).
|
||||||
|
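Review bot: the callback URL echoes `{params.state}` and `{params.debug}` straight from the incoming request, so the sentence "This url replaces the current window" should be followed by a statement that `callback.html` compares `state` with the value it originally sent before it decodes `directives`; without that check the page would accept directives from any URL that happens to target it. Also `OAUTH3._base64.encodeUrlSafe` is an underscore-prefixed helper; if it is part of the documented contract, drop the underscore or say explicitly that it is internal.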
@ -279,14 +279,14 @@ Example **authorization dialog** url (using the example above):
|
||||||
https://smithfam.net/#/authorization_dialog/
|
https://smithfam.net/#/authorization_dialog/
|
||||||
?response_type=token
|
?response_type=token
|
||||||
&scope=authn@oauth3.org
|
&scope=authn@oauth3.org
|
||||||
&state=<<OAUTH3.utils.randomState()>>
|
&state={OAUTH3.utils.randomState()}
|
||||||
&client_uri=azp.tld
|
&client_uri=azp.tld
|
||||||
&client_id=azp.tld
|
&client_id=azp.tld
|
||||||
&subject=jane@smithfam.net
|
&subject=jane@smithfam.net
|
||||||
&jwk_kty=<<EC>>
|
&jwk_kty={EC}
|
||||||
&jwk_kid=<<thumbprint of key>>
|
&jwk_kid={thumbprint of key}
|
||||||
&jwk_XXX=<<property XXX of jwk>>
|
&jwk_XXX={property XXX of jwk}
|
||||||
&redirect_uri=<<encodeURIComponent('https://azp.tld/.well-known/oauth3/callback.html')>>
|
&redirect_uri={encodeURIComponent('https://azp.tld/.well-known/oauth3/callback.html')}
|
||||||
&debug=false
|
&debug=false
|
||||||
```
|
```
|
||||||
|
|
||||||
|
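Review bot: `&jwk_kty={EC}` wraps a literal in the placeholder braces: `kty` is the fixed value `EC`, not something the caller substitutes, so write `&jwk_kty=EC` (the `{Bearer}` in the token callback example has the same problem). Separately, `redirect_uri` here is `https://azp.tld/.well-known/oauth3/callback.html` while the discovery example uses `callback.html#/`; pick one form, because the issuer should be matching `redirect_uri` exactly against the value registered for `client_id`, and two spellings in the README invite lenient matching.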
@ -324,12 +324,12 @@ In the reference implementation the user is sent an email with a login code or t
|
||||||
A JWT (token) with the following properties will be generated:
|
A JWT (token) with the following properties will be generated:
|
||||||
|
|
||||||
```
|
```
|
||||||
{ "jti": "<<nonce>>"
|
{ "jti": "{nonce}"
|
||||||
, "iat": <<issued at unix timestamp in seconds>>
|
, "iat": {issued at unix timestamp in seconds}
|
||||||
, "amr": "pwd@oauth3.org"
|
, "amr": "pwd@oauth3.org"
|
||||||
, "laa": <<last authentication at unix timestamp in seconds>>
|
, "laa": {last authentication at unix timestamp in seconds}
|
||||||
, "exp": <<expiry unix timestamp in seconds>>
|
, "exp": {expiry unix timestamp in seconds}
|
||||||
, "sub": "<<psuedonymous pairwise identifier>>"
|
, "sub": "{psuedonymous pairwise identifier}"
|
||||||
, "iss": "smithfam.net"
|
, "iss": "smithfam.net"
|
||||||
, "azp": "azp.tld"
|
, "azp": "azp.tld"
|
||||||
, "aud": "azp.tld"
|
, "aud": "azp.tld"
|
||||||
|
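Review bot: `"sub": "{psuedonymous pairwise identifier}"` carries the typo "psuedonymous" (should be "pseudonymous") from the old line into the new one. More substantively, the callback example that follows passes `scope={token.scp}`, but the claim list here has no `scp` entry; add it (or name the claim that carries the granted scopes) so the two examples agree. It would also help to state the relation between `laa` and `iat`, since the example gives both as independent timestamps.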
@ -346,12 +346,12 @@ The token will be passed back to the application in the following form:
|
||||||
|
|
||||||
```
|
```
|
||||||
https://azp.tld/.well-known/oauth3/callback.html#/
|
https://azp.tld/.well-known/oauth3/callback.html#/
|
||||||
?access_token=<<token>>
|
?access_token={token}
|
||||||
&token_type=<<Bearer>>
|
&token_type={Bearer}
|
||||||
&refresh_token=<<refresh_token>>
|
&refresh_token={refresh_token}
|
||||||
&expires_in=<<token.exp - now>>
|
&expires_in={token.exp - now}
|
||||||
&scope=<<token.scp>>
|
&scope={token.scp}
|
||||||
&state=<<params.state>>
|
&state={params.state}
|
||||||
&debug=false
|
&debug=false
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
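Review bot: `&token_type={Bearer}` puts the fixed token type inside placeholder braces; write `&token_type=Bearer`. Because `access_token` and `refresh_token` are delivered in the URL fragment after `callback.html#/`, the surrounding text should say that the callback page reads them immediately, clears the fragment, and keeps the refresh token out of browser history and logs, and that `expires_in={token.exp - now}` is advisory only: the azp still checks `exp` and `state` from the token and the request it originally made.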