Features and Specification about omejdn-server HOT 2 CLOSED

Hey,

• Are there breaking changes for service consumers (Connectors)?
• I heard that a DAPSv3 Spec is planned, which might adjust routes to /.well-known/jwks.json

There shouldn't be. The OAuth 2.0 specification did not change, and Omejdn still aims to be compliant. That said, the JWKS URI mentioned is neither a real well-known URI, nor part of IDS-G.
It is a relic which is still needed for old connectors which still have this path hardcoded. The modern (and IDS-G compliant) way to discover this URI (and any other URIs related to the DAPS) is documented in IDS-G.
Omejdn hasn't supported this URI for quite some time now and the DAPS configuration repo accounts for this via the reverse proxy.

• What is planned with "Beginnings of Admin API v2" and what is the purpose?

Omejdn's Admin API v1 wasn't really stable, nor does it reflect Omejdn's capabilities.
It was simply meant as a way to read and write to the configuration files remotely, mainly from the UI.
But that meant that whenever the configuration file format changed, so did the API.
Of course, the usual way to deal with this is by modifying the API handler to hide the changes (or at least make them backwards-compatible), but this turned out to be challenging as well because the requests could not easily and reliably be translated. E.g. when the preliminary support for external OpenID-Providers got replaced with a more compliant Federation System, handled in a plugin.

Admin API v2 hopes to fix these issues, now that Omejdn has evolved quite a bit. It aims to provide a maintainable API based on well-defined, unlikely to change representations of the resources being available.
It is still unfinished, and work on it will probably be slow unless someone volunteers to contribute.
This does not mean that v1 will go away too soon, but it will be supported about as well as it is now.

• Which new features are to be expected with the commit and further developments?
• Is there some kind of roadmap for the next months what will be worked on?

Much of the work currently goes into making Omejdn more maintainable. This includes making upstream changes to the dependencies of Omejdn, like ruby-jwt, which I hope might eventually be able to handle all the certificate-related stuff which is not part of OAuth (which works with JOSE only apart from TLS).
A concrete roadmap does not exist at this point in time.

from omejdn-server.

Thanks for the detailed clarification! Looking forward to new releases.

from omejdn-server.