Should we define a discovery metadata for request object endpoint

Issue #134 resolved
Joseph Heenan created an issue

Part 2 mentions the request object endpoint in section 7, however it's unclear how clients discover a server's request object endpoint, or whether or not the server has one.

Should (can?) FAPI define a new entry in the provider meta data to hold the url for this endpoint, like the others in

The current language in the spec seems a little unclear to me too - is a FAPI part 2 compliant AS required to provide a request object endpoint?

Comments (4)

  1. Dave Tonge

    We discussed adding it to the FAPI spec for now. We can later adjust the FAPI spec to reference OAuth JAR.

    I'll do a pull request using the key: request_object_endpoint

  2. Log in to comment