Details
-
Task
-
Resolution: Not a Bug
-
Major
-
None
-
2.6 GA, 2.7 GA
-
None
-
Not Started
-
Not Started
-
Not Started
-
Not Started
-
Not Started
-
Not Started
Description
A customer reported:
the "OpenID Connect Issuer Type" REST API when defining an API product in 3scale the entpoint to register a client is "<endpoint>/clients" which is hard-coded in zync/app/adapters/rest_adapter.rb. However Forgerock's API has the endpoint "<endpoint>/register".
The client id is created and stored in 3scale first. But Forgerock as IdP will not use this client id but create a new one. And this is the correct behavior (see OAuth 2.0 Dynamic Client Registration Protocol - "This operation registers a client with the authorization server. The authorization server assigns this client a unique client identifier [..]")
Can someone please clarify:
- the endpoints that 3scale calls for the clients registration adhere to some standard?
- 3scale supports clients registration only on IdP that expose that specific endpoint?
- Regarding this shouldn't 3scale adhere to these specs?
- do we have a list of IdP compatible with Zync clients registration?