Properly implement the OAuth2SecurityScheme
#3090
Labels: w3c-compliance, wot-profile (W3C WoT Profile specification), wot-thing-description (W3C WoT Thing Description specification)
Currently Thing Descriptions claim that WebThings Gateway implements the `OAuth2SecurityScheme`. However, I've noticed that this is not fully implemented in the way that third party services might expect.

For example it should be possible to:

`302` or `303` response which redirects to the authentication endpoint, rather than `401`)

There are also some strange implementation details in the way JWTs are used, like `kid` headers being used to identify individual JWTs, instead of a `jti` in the JWT payload.

The current implementation provided by the gateway is more like the simpler `BearerSecurityScheme`.
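An added illustration of the `kid` versus `jti` point raised in the issue above (not code from WebThings Gateway): the `kid` header only selects the verification key, while the `jti` claim in the payload identifies the individual token, for example for revocation. The key id, secret, helper names and the use of HS256 are assumptions made for this sketch.

```javascript
// Added example, not gateway code. HS256 with a shared secret is used only to
// keep the sketch self-contained; expiry and audience checks are omitted.
const { createHmac, timingSafeEqual, randomUUID } = require('node:crypto');

const b64u = (text) => Buffer.from(text).toString('base64url');
const sign = (key, data) => createHmac('sha256', key).update(data).digest();

// Constructed sample state: one signing key per `kid`, revoked tokens by `jti`.
const KEYS = new Map([['key-2024', 'constructed-demo-secret']]);
const revokedJtis = new Set();

function issueToken(kid, claims) {
  // `kid` goes in the header and names the key; `jti` goes in the payload
  // and is unique per token.
  const header = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT', kid }));
  const payload = b64u(JSON.stringify({ ...claims, jti: randomUUID() }));
  const input = `${header}.${payload}`;
  return `${input}.${sign(KEYS.get(kid), input).toString('base64url')}`;
}

function verifyToken(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  if (header.alg !== 'HS256') throw new Error('unexpected alg');
  const key = KEYS.get(header.kid); // key lookup only, says nothing about the token
  if (!key) throw new Error('unknown kid');
  const expected = sign(key, `${h}.${p}`);
  const got = Buffer.from(s, 'base64url');
  if (got.length !== expected.length || !timingSafeEqual(got, expected)) {
    throw new Error('bad signature');
  }
  // Only after the signature checks out is the payload trusted.
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (typeof claims.jti !== 'string') throw new Error('missing jti');
  if (revokedJtis.has(claims.jti)) throw new Error('token revoked');
  return claims;
}

function revoke(jti) {
  revokedJtis.add(jti); // revokes one token; others signed with the same key stay valid
}
```

Because many tokens share one `kid`, revoking by `jti` invalidates a single token without rotating the signing key.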