Comments (11)
As soon as the spec is finalized, we will add it.
from identityserver.
As part of this, we think it will be necessary to pass the full validated request to the redirect uri validator.
from identityserver.
Hi! From the presentation "OAuth 2.1" and beyond (as always a great presentation!), I got the impression that PAR was ready to use (even though it still is a draft), but now I realized that it is a planned feature. What are the plans for PAR?
from identityserver.
Looking forward to that, thank you!
from identityserver.
Really looking forward to this :)
from identityserver.
Getting access to the full validated request in the uri validator would be a welcome addition on its own :)
from identityserver.
Some internal notes I jotted down:
1: validate on PAR endpoint (refactor from authZ validator)
2: bypass validation for valid PAR request URI on authZ EP
3: allow client to have per-request redirect_uri (only for confidential clients, JAR). maybe this means we add which params are validated to the request object, and then pass that along to the URI validator.
from identityserver.
🥳
from identityserver.
Any comments on a more precise date for the PAR feature for identity server? :)
from identityserver.
We postpone PAR in favour of DPoP.
DPoP will come in the next version, PAR the version after that.
from identityserver.
related: #983
from identityserver.
Related Issues (20)
- Updating signing in build pipeline
- Unify EF Test Infrastructure
- Support absolute expiration of server side sessions when CoordinateLifetimeWithUserSession is enabled
- Consider marking the IdentityServer session cookies with `__Host` prefix
- OpenTelemetry Metrics Naming HOT 5
- Evolve IConcurrencyLock.Unlock to allow asynchronicity
- Raise an error if the idp doesn't match the requested idp HOT 2
- duende.identityserver is missing NuGet package README file
- Consider different approach for optional services from DI HOT 1
- Filter subject tokens (from token exchange) from logs HOT 4
- Check for empty ClientIds and Types collections in PersistedGrantFilter HOT 2
- Rewrite LicenseValidator.ValidateClient to not use ConcurrentDictionary HOT 1
- Consider post-quantum cryptography sample
- Consider allowing customization of PromptValuesSupported
- Consider allowing multiple IEventSink registrations HOT 2
- Investigate support for X509 Certs and EC Keys HOT 1
- CryptographicException while calling /.well-known/openid-configuration (.NET 8) HOT 14
- Add logging when DistributedCacheStateDataFormatter returns null HOT 5
- Let EF migrations create default table names
- GetIdentityServerRelativeUrl should take into account when IdentityServer is running at a subpath HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from identityserver.