Skip to content

Consider adopting RFC 9728 OAuth 2.0 Protected Resource Metadata #15

Description

@kohtala

RFC 9728 OAuth 2.0 Protected Resource Metadata now specifies the discovery of authentication server both before accessing the resource and in the WWW-Authorization header of the 401 response from a resource.

I believe this requires some additional specification on what to place in the metadata for a registry. For example the scopes_supported could be specified to use placeholders {namespace} and {repository} as supported by the registry.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions