[mitreid-connect] UMA Resource Set creation
Luiz Omori
luiz.omori at duke.edu
Mon Nov 23 21:04:33 EST 2015
Hmm, where is “resource_set_registration_endpoint”? See below for what I’m getting from the well-known endpoint. What is the usual value for “resource_set_registration_endpoint”, e.g. assuming the root is http://localhost:8080/uma-server-webapp-1.2.2?
{
"request_parameter_supported":true,
"claims_parameter_supported":false,
"introspection_endpoint":"http://localhost:8080/uma-server-webapp-1.2.2/introspect",
"scopes_supported":[
"openid",
"profile",
"email",
"address",
"phone",
"offline_access"
],
"issuer":"http://localhost:8080/uma-server-webapp-1.2.2/",
"userinfo_encryption_enc_values_supported":[
"A256CBC+HS512",
"A256GCM",
"A192GCM",
"A128GCM",
"A128CBC-HS256",
"A192CBC-HS384",
"A256CBC-HS512",
"A128CBC+HS256"
],
"id_token_encryption_enc_values_supported":[
"A256CBC+HS512",
"A256GCM",
"A192GCM",
"A128GCM",
"A128CBC-HS256",
"A192CBC-HS384",
"A256CBC-HS512",
"A128CBC+HS256"
],
"authorization_endpoint":"http://localhost:8080/uma-server-webapp-1.2.2/authorize",
"service_documentation":"http://localhost:8080/uma-server-webapp-1.2.2/about",
"request_object_encryption_enc_values_supported":[
"A256CBC+HS512",
"A256GCM",
"A192GCM",
"A128GCM",
"A128CBC-HS256",
"A192CBC-HS384",
"A256CBC-HS512",
"A128CBC+HS256"
],
"userinfo_signing_alg_values_supported":[
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512",
"ES256",
"ES384",
"ES512",
"PS256",
"PS384",
"PS512"
],
"claims_supported":[
"sub",
"name",
"preferred_username",
"given_name",
"family_name",
"middle_name",
"nickname",
"profile",
"picture",
"website",
"gender",
"zone_info",
"locale",
"updated_at",
"birthdate",
"email",
"email_verified",
"phone_number",
"phone_number_verified",
"address"
],
"claim_types_supported":[
"normal"
],
"op_policy_uri":"http://localhost:8080/uma-server-webapp-1.2.2/about",
"token_endpoint_auth_methods_supported":[
"client_secret_post",
"client_secret_basic",
"client_secret_jwt",
"private_key_jwt",
"none"
],
"token_endpoint":"http://localhost:8080/uma-server-webapp-1.2.2/token",
"response_types_supported":[
"code",
"token"
],
"request_uri_parameter_supported":false,
"userinfo_encryption_alg_values_supported":[
"RSA-OAEP",
"RSA-OAEP-256",
"RSA1_5"
],
"grant_types_supported":[
"authorization_code",
"implicit",
"urn:ietf:params:oauth:grant-type:jwt-bearer",
"client_credentials",
"urn:ietf:params:oauth:grant_type:redelegate"
],
"revocation_endpoint":"http://localhost:8080/uma-server-webapp-1.2.2/revoke",
"userinfo_endpoint":"http://localhost:8080/uma-server-webapp-1.2.2/userinfo",
"token_endpoint_auth_signing_alg_values_supported":[
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512",
"ES256",
"ES384",
"ES512",
"PS256",
"PS384",
"PS512"
],
"op_tos_uri":"http://localhost:8080/uma-server-webapp-1.2.2/about",
"require_request_uri_registration":false,
"id_token_encryption_alg_values_supported":[
"RSA-OAEP",
"RSA-OAEP-256",
"RSA1_5"
],
"jwks_uri":"http://localhost:8080/uma-server-webapp-1.2.2/jwk",
"subject_types_supported":[
"public",
"pairwise"
],
"id_token_signing_alg_values_supported":[
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512",
"ES256",
"ES384",
"ES512",
"PS256",
"PS384",
"PS512",
"none"
],
"registration_endpoint":"http://localhost:8080/uma-server-webapp-1.2.2/register",
"request_object_signing_alg_values_supported":[
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512",
"ES256",
"ES384",
"ES512",
"PS256",
"PS384",
"PS512"
],
"request_object_encryption_alg_values_supported":[
"RSA-OAEP",
"RSA-OAEP-256",
"RSA1_5"
]
}
Regards,
Luiz
From: mitreid-connect-bounces at mit.edu on behalf of Justin Richer
Date: Monday, November 23, 2015 at 6:23 PM
To: "mitreid-connect at mit.edu"
Subject: Re: [mitreid-connect] UMA Resource Set creation
This is a broken part of the UMA spec. You need to add "/resource_set" to the end of the value in "resource_set_registration_endpoint" in the discovery document. "registration_endpoint" is for dynamic client registration.
There is not currently any UI to interact with the resource set registration because this is intended to be an action taken by *resource servers* and not by users directly. The self-service developer protected resource registration is not for UMA-style protected resources but rather for OAuth protected resources that are set up to use token introspection.
Hope that helps,
-- Justin
On 11/23/2015 4:20 PM, Luiz Omori wrote:
Hi,
We are looking into the UMA implementation and have some basic questions. Is there a way to register resource sets (as in https://docs.kantarainitiative.org/uma/draft-oauth-resource-reg.html) through the UI? If not, what is the endpoint for that? We tried the registration endpoint from the well-known response but it didn’t work (http://localhost:8080/uma-server-webapp-1.2.2/.well-known/openid-configuration -> "registration_endpoint":"http://localhost:8080/uma-server-webapp-1.2.2/register")
Regards,
Luiz