coolaj86
/
OAUTH3-SPEC
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update 'README.md'

This commit is contained in:
AJ ONeal 2017-08-07 22:14:24 +00:00
parent 48a9b6f049
commit d118b4078b
1 changed files with 23 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
README.md
View File

@ -77,7 +77,7 @@ Just a quick intro to vocabulary that will be explained more thoroughly later on
### Scopes
Scopes are federated schemas. Any issuer may act as the agent of the subject to authorize any azp for any audience. To make this possible scopes are defined as `<<schema>>@<<domain.tld>>` (i.e. dns@oauth3.org) and can be discovered as `https://aud.tld/.well-known/scopes@oauth3.org/<<schema>>@<<domain.tld>>.json`.
Scopes are federated schemas. Any issuer may act as the agent of the subject to authorize any azp for any audience. To make this possible scopes are defined as `{schema}@{domain.tld}` (i.e. dns@oauth3.org) and can be discovered as `https://aud.tld/.well-known/scopes@oauth3.org/{schema}@{domain.tld}.json`.
Examples of well-known scope-schemas:
@ -189,11 +189,11 @@ Example **discovery url**:
```
https://smithfam.net/.well-known/oauth3/#/
?action=directives
&state=<<state>>
&redirect_uri=<<encodeURIComponent("https://azp.tld/.well-known/oauth3/callback.html#/")>>
&state={state}
&redirect_uri={encodeURIComponent("https://azp.tld/.well-known/oauth3/callback.html#/")}
&response_type=rpc
&_method=GET
&_pathname=<<encodeURIComponent(".well-known/oauth3/directives.json")>>
&_pathname={encodeURIComponent(".well-known/oauth3/directives.json")}
&debug=false
```
@ -209,9 +209,9 @@ The `redirect_uri` in our example was specified as `https://azp.tld/.well-known/
```
https://azp.tld/.well-known/oauth3/callback.html#/
?state=<<params.state>>
&directives=<<OAUTH3._base64.encodeUrlSafe(JSON.stringify(directives))>>
&debug=<<params.debug>>
?state={params.state}
&directives={OAUTH3._base64.encodeUrlSafe(JSON.stringify(directives))}
&debug={params.debug}
```
This url replaces the current window (currently loaded at the discovery url).
@ -279,14 +279,14 @@ Example **authorization dialog** url (using the example above):
https://smithfam.net/#/authorization_dialog/
?response_type=token
&scope=authn@oauth3.org
&state=<<OAUTH3.utils.randomState()>>
&state={OAUTH3.utils.randomState()}
&client_uri=azp.tld
&client_id=azp.tld
&subject=jane@smithfam.net
&jwk_kty=<<EC>>
&jwk_kid=<<thumbprint of key>>
&jwk_XXX=<<property XXX of jwk>>
&redirect_uri=<<encodeURIComponent('https://azp.tld/.well-known/oauth3/callback.html')>>
&jwk_kty={EC}
&jwk_kid={thumbprint of key}
&jwk_XXX={property XXX of jwk}
&redirect_uri={encodeURIComponent('https://azp.tld/.well-known/oauth3/callback.html')}
&debug=false
```
@ -324,12 +324,12 @@ In the reference implementation the user is sent an email with a login code or t
A JWT (token) with the following properties will be generated:
```
{ "jti": "<<nonce>>"
, "iat": <<issued at unix timestamp in seconds>>
{ "jti": "{nonce}"
, "iat": {issued at unix timestamp in seconds}
, "amr": "pwd@oauth3.org"
, "laa": <<last authentication at unix timestamp in seconds>>
, "exp": <<expiry unix timestamp in seconds>>
, "sub": "<<psuedonymous pairwise identifier>>"
, "laa": {last authentication at unix timestamp in seconds}
, "exp": {expiry unix timestamp in seconds}
, "sub": "{psuedonymous pairwise identifier}"
, "iss": "smithfam.net"
, "azp": "azp.tld"
, "aud": "azp.tld"
@ -346,12 +346,12 @@ The token will be passed back to the application in the following form:
```
https://azp.tld/.well-known/oauth3/callback.html#/
?access_token=<<token>>
&token_type=<<Bearer>>
&refresh_token=<<refresh_token>>
&expires_in=<<token.exp - now>>
&scope=<<token.scp>>
&state=<<params.state>>
?access_token={token}
&token_type={Bearer}
&refresh_token={refresh_token}
&expires_in={token.exp - now}
&scope={token.scp}
&state={params.state}
&debug=false
```