Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove obsolete / insecure OAuth2 flows from this spec #27

Open
GeorgDangl opened this issue Jun 22, 2021 · 1 comment
Open

Remove obsolete / insecure OAuth2 flows from this spec #27

GeorgDangl opened this issue Jun 22, 2021 · 1 comment
Milestone
2.x

Comments

@GeorgDangl
Copy link
Member

Here, we're listing two flows: https://github.com/buildingSMART/foundation-API#221-obtaining-authentication-information

  • implicit_grant, which has been effectively deprecated, or at least it's usage is heavily discouraged
  • resource_owner_password_credentials_grant, which never really was considered secure in scenarios where you did not control all services involved

This was brought up in the meeting today, and we should just remove it from the spec completely.
@ykulbak ykulbak added this to the 2.x milestone May 17, 2022
@ykulbak
Copy link
Collaborator

ykulbak commented Sep 25, 2023

Sep 25th 2023. See discussion on generalising OAUTH flows to avoid banning supported features on #25 (same date).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.x
Development

No branches or pull requests
2 participants
@ykulbak @GeorgDangl