Skip to content
This repository has been archived by the owner on Feb 17, 2024. It is now read-only.

Add support for extension OAuth 2.0 Authorization Grants #100

Closed
nohorbee opened this issue Sep 16, 2014 · 2 comments
Closed

Add support for extension OAuth 2.0 Authorization Grants #100

nohorbee opened this issue Sep 16, 2014 · 2 comments
Milestone
RAML 1.0

Comments

@nohorbee
Copy link

Add a property to the OAuth 2.0 settings extensionAuthorizationGrants, which should be a list of any extension Authorization grant types supported by the Authentication server, since these can be anything that the OAuth vendor has defined, it is the vendor's responsibility to document how those should work.

#%RAML 0.8
title: My Sample API
securitySchemes:
    - oauth_2_0:
        description: |
            OAuth 2.0 implementation.
        type: OAuth 2.0
        settings:
          authorizationUri: https://www.myapi.com/1/oauth2/authorize
          accessTokenUri: https://www.myapi.com/1/oauth2/token
          authorizationGrants: [ authorization_code, password ]
          extensionAuthorizationGrants: [ 'urn:ietf:params:oauth:grant-type:saml2-bearer' ]
@nohorbee nohorbee added this to the v1.0 milestone Sep 16, 2014
@usarid usarid modified the milestones: v1.0, v1.0 - staging Sep 30, 2015
@usarid usarid mentioned this issue Sep 30, 2015
Closed
@aldonline
Copy link
Contributor

Specific extensions like these are a good fit for annotations ( #174 )

@aldonline aldonline modified the milestones: v1.0 - tentatively subsumed by other candidates, v1.0 - staging Oct 1, 2015
@sichvoge sichvoge modified the milestones: v1.0, v1.0 - tentatively subsumed by other candidates Apr 29, 2016
@usarid
Copy link
Contributor

usarid commented May 1, 2016
edited
Loading

Let's not add another key (not add extensionAuthorizationGrants), and instead allow the items in the value of authorizationGrants to include not just the standard authorization_code, password, client_credentials, and implicit strings but also any absolute URI, just as defined in https://tools.ietf.org/html/rfc6749#section-4.5 . There will never be any ambiguity in the values of the items, because no absolute URI looks like any of the strings authorization_code, password, client_credentials, and implicit.

An example:

authorizationGrants: [ authorization_code, password , 'urn:ietf:params:oauth:grant-type:saml2-bearer' ]

@sichvoge sichvoge modified the milestones: RAML 1.0, v1.0 May 1, 2016
@sichvoge sichvoge mentioned this issue May 1, 2016
Merged
@sichvoge sichvoge closed this as completed May 1, 2016
petrochenko-pavel-a added a commit to raml-org/raml-definition-system that referenced this issue May 2, 2016
@petrochenko-pavel-a
changes required for raml-org/raml-spec#100
f597eb1 
 and  raml-org/raml-spec#99
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Milestone
RAML 1.0
Development

No branches or pull requests
4 participants
@usarid @aldonline @sichvoge @nohorbee