discovery document path
Issue #9
resolved
Based on: https://www.ietf.org/mail-archive/web/oauth/current/msg17745.html
The .well-known URL of the discovery document should be formed in a different way. Instead of adding /.well-known/ at the very end of the issuer URL (after the optional path) rather insert it at the beginning of the path.
Comments (3)
-
reporter
-
reporter
risc-secevent updated such that /.well-known/risc-configuration goes between host and path, similar to OAuth Discovery: https://tools.ietf.org/html/draft-ietf-oauth-discovery-10#section-3.1
also added relevant IANA considerations
-
reporter
- changed status to resolved
- Log in to comment
At the RISC F2F yesterday we decided to use the new format, .well-known at the root in order to be compliant with the new IETF requirements.
BCP 190: URI Design and Ownership https://tools.ietf.org/html/bcp190
RFC 5785: Defining Well-Known Uniform Resource Identifiers (URIs) https://tools.ietf.org/html/rfc5785
Assuming the issuer is https://example.com/tenant1, with the old approach (like OpenID Connect Discovery) the discovery document URL would be: https://example.com/tenant1/.well-known/risc-configuration
With the new approach, IETF compatible, the discovery document URL should be: https://example.com/.well-known/risc-configuration/tenant1
.well-known together with tenant1 both move to the root.