Comments (2)
Hey,
- Are there breaking changes for service consumers (Connectors)?
- I heard that a DAPSv3 Spec is planned, which might adjust routes to /.well-known/jwks.json
There shouldn't be. The OAuth 2.0 specification did not change, and Omejdn still aims to be compliant. That said, the JWKS URI mentioned is neither a real well-known URI, nor part of IDS-G.
It is a relic which is still needed for old connectors which still have this path hardcoded. The modern (and IDS-G compliant) way to discover this URI (and any other URIs related to the DAPS) is documented in IDS-G.
Omejdn hasn't supported this URI for quite some time now and the DAPS configuration repo accounts for this via the reverse proxy.
- What is planned with "Beginnings of Admin API v2" and what is the purpose?
Omejdn's Admin API v1 wasn't really stable, nor does it reflect Omejdn's capabilities.
It was simply meant as a way to read and write to the configuration files remotely, mainly from the UI.
But that meant that whenever the configuration file format changed, so did the API.
Of course, the usual way to deal with this is by modifying the API handler to hide the changes (or at least make them backwards-compatible), but this turned out to be challenging as well because the requests could not easily and reliably be translated. E.g. when the preliminary support for external OpenID-Providers got replaced with a more compliant Federation System, handled in a plugin.
Admin API v2 hopes to fix these issues, now that Omejdn has evolved quite a bit. It aims to provide a maintainable API based on well-defined, unlikely to change representations of the resources being available.
It is still unfinished, and work on it will probably be slow unless someone volunteers to contribute.
This does not mean that v1 will go away too soon, but it will be supported about as well as it is now.
- Which new features are to be expected with the commit and further developments?
- Is there some kind of roadmap for the next months what will be worked on?
Much of the work currently goes into making Omejdn more maintainable. This includes making upstream changes to the dependencies of Omejdn, like ruby-jwt
, which I hope might eventually be able to handle all the certificate-related stuff which is not part of OAuth (which works with JOSE only apart from TLS).
A concrete roadmap does not exist at this point in time.
from omejdn-server.
Thanks for the detailed clarification! Looking forward to new releases.
from omejdn-server.
Related Issues (20)
- Separate User selection from authentication HOT 3
- Simpler Certificate File Names HOT 1
- Certificate Bound Access Tokens HOT 4
- Misleading documentation HOT 1
- Outputs are cached instead of written to stdout on Docker HOT 1
- Client Certificate Revocation Checks
- Warn or refuse to import invalid certificates HOT 2
- How to request an access token? HOT 4
- Respect `response_mode` in error responses
- Sanitize scopes in Session
- Show requested Claims to User
- Rethink Logouts HOT 1
- DAPS capability of holding one attribute HOT 5
- Logout URL formatting issue
- Bug in KEYS_LOAD_ALL event of DefaultKeysDB HOT 1
- Invalid request: Content longer than specified HOT 4
- Make `scope` optional in token request for `client_credentials` HOT 1
- JWKS endpoint as a high risk resource of the entire dataspace HOT 1
- The ```resource_owner.attributes``` field used by ```filter_scopes``` is not a ```Hash```
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from omejdn-server.