In OAuth, an Authorization Server is responsible for "issuing access tokens to the client after successfully authenticating the resource owner and obtaining authorization."
The interaction between the authorization server and resource server is beyond the scope of this specification. The authorization server may be the same server as the resource server or a separate entity.
Since the relationship between the authorization server and resource server in OAuth2 is undefined, Site is able to fulfill the role of an authorization server as well as a resource server.
The authorization server may be the same server as the resource server…
— draft-ietf-oauth-v2-1-05
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-05#section-1.3.3
NOTE: TODO: If this is written as an operation, much of it can be defaulted, leaving the user to decide the URI and other optional details, perhaps such as which types of authorization grant to support.
link:../../test/juxt/book.clj[role=include]
NOTE: TODO: Add a protection space so that we can authenticate the user. We may as well use the OpenID one that we configured in [ch-openid].