Skip to content

Consolidate OAuth client authorization entry points behind a unified API #1006

Description

@jamadeo

Follow-up from review discussion on #994 (comment 1, comment 2), and 3.

The draft authorization spec recommends clients obtain a client ID using priority order: pre-registered client information → CIMD → DCR

OAuthState currently exposes each mechanism through a separate entry point, and callers must know which one to pick.

Proposal:

for v3, we can consolidate behind a single start_authorization entry point that accepts a declarative description of the client's available identity material and applies the spec's priority order internally.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions