How would a client know that an rfc-8414 (oauth) server supports Client ID Metadata Documents (CIMD)?
#oauth #cimd
After much faffing about, I have implemented the dynamic #OAuth2 client creation for #GoActivityPub services using the Client ID Metadata Document[1] that's been proposed as a replacement(?) for RFC7591 (Dynamic Client Registration Protocol).
The changes are in both the Authorization service and in the BOX #ActivityPub client to server helper.
[1] https://datatracker.ietf.org/doc/draft-ietf-oauth-client-id-metadata-document/
#CIMD
OAuth Client ID Metadata Document
This specification defines a mechanism through which an OAuth client can identify itself to authorization servers, without prior dynamic client registration or other existing registration. This is through the usage of a URL as a client_id in an OAuth flow, where the URL refers to a document containing the necessary client metadata, enabling the authorization server to fetch the metadata about the client as needed.
django
marius