-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rewrite the OAuth2 API to make GraphQL requests #54
Comments
This will require us to add core support for an authorization header that contains client credentials and a refresh token... |
As I've continued to think through the relationship between OAuth and AuthX, I have grown more confident that this is a solid strategy. We will need to come up with an appropriate scheme according to RFC7235, and then select (or create) a "root" authorization for the grant like we currently do for the oauth2 flow. |
After considering the extension mechanism described in #52, it's become clear that instead of providing an additional API that uses models directly, this should instead make GraphQL requests to the AuthX server. This way we avoid bypassing any registered extensions (which will be applied at the GraphQL layer).
The text was updated successfully, but these errors were encountered: