Completed
Details
Assignee
Philip SmartPhilip SmartReporter
Philip SmartPhilip SmartComponents
Details
Details
Assignee
Philip Smart
Philip SmartReporter
Philip Smart
Philip SmartComponents
Created February 17, 2022 at 3:58 PM
Updated October 14, 2022 at 1:29 PM
Resolved October 14, 2022 at 1:29 PM
Currently, requested scopes for an OP are defined in OIDC client information metadata e.g.
The scopes are pulled off the resolved client information metadata during authentication request constructions. This is deficient because:
It just pulls them off the client information object, the RP does not have a pluggable resolver type implementation. We could add one when everything else is in place, perhaps.
It is global for all users of that RP->OP pair. It might need to be more granular - although the RP does not know anything about the user at this stage.
A similar work item in the OP already exists JIRA??