DPROD 1.0b2 FTF Avatar
  1. OMG Issue

DPROD — Security - OIDC

Open Closed All
  • Key: DPROD-40
  • Status: open  
  • Source: eccenca.com ( Mr. Marcel Froehlich)
  • Summary:

    Following one of the conversations around security (dprod:securitySchemaType from November. There is the OIDC Connect Discovery that should be found in a /.well-known/openid-configuration location, so a DataService could specify:

    ...,
    "securitySchemaType": "https://example.com/.well-known/openid-configuration"
    ...,
    The content should look something like this:

    { "issuer": "https://example.com/", "authorization_endpoint": "https://example.com/authorize", "token_endpoint": "https://example.com/token", "userinfo_endpoint": "https://example.com/userinfo", "jwks_uri": "https://example.com/.well-known/jwks.json", "scopes_supported": ["read", "write", "admin"], "response_types_supported": ["code", "id_token", "token id_token"], "token_endpoint_auth_methods_supported": ["client_secret_basic"], ..., }

    There is no automatic way to create an account (and there are accounts for humans and "service accounts" for machines).

    https://github.com/EKGF/dprod/issues/113
  • Reported: DPROD 1.0a1 — Mon, 10 Nov 2025 14:54 GMT
  • Updated: Mon, 10 Nov 2025 14:54 GMT