...
- One set of OAuth 2.0 URI endpoints for the host to use
- One set of OAuth 2.0 URI endpoints for any requester to use
- The location of the token verification API for the host to verify access tokens received from a requester in Step 3.
- (The format of the access tokens to use)
- (The claims formats the AM can generate)
The Property elements SHOULD be present in the hostmeta document:
Link relationships for the OAuth 2.0 endpoints for the host:
Rel | Cardinality | HTTP Method(s) | Description |
---|---|---|---|
http://kantarainitiative.org/confluence/display/uma/host_user_uri | Required | As defined by OAuth | Supplies the OAuth user_uri endpoint hosts should use to gather the consent of the authorizing user for a host-AM relationship. |
http://kantarainitiative.org/confluence/display/uma/host_token_uri | Required | As defined by OAuth | Supplies the OAuth token_uri endpoint hosts should use to ask for a host access token. |
http://kantarainitiative.org/confluence/display/uma/host_resource_details_uri | Required | POST (with host access token) | Supplies the UMA endpoint hosts should use to provide details about the authorizing user's resources being protected at this host. MUST use HTTPS. |
http://kantarainitiative.org/confluence/display/uma/host_token_validation_uri | Optional | POST (with host access token) | Supplies the UMA endpoint hosts should use to request validation of access tokens presented to them by requesters in Step 3. MUST use HTTPS. |
Link relationships for the OAuth 2.0 endpoints for the requester:
Rel | Cardinality | HTTP Method(s) | Description |
---|---|---|---|
http://kantarainitiative.org/confluence/display/uma/req_user_uri | Required | As defined by OAuth | Supplies the OAuth user_uri endpoint requesters should use to gather the consent of the authorizing user for user delegation flows in synchronous person-to-service sharing scenarios. |
http://kantarainitiative.org/confluence/display/uma/req_token_uri | Required | As defined by OAuth | Supplies the OAuth token_uri endpoint requesters should use to ask for an access token in Step 2. |
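The following Python is an added example, not part of the UMA draft: it checks an AM's hostmeta document against the two link-relation tables above, reporting missing Required links and any endpoint marked "MUST use HTTPS" that is published under another scheme. The XRD serialization of hostmeta, the am.example.com URLs, and the refusal of DTD declarations are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XRD_NS = "http://docs.oasis-open.org/ns/xri/xrd-1.0"  # assumption: hostmeta is XRD
BASE = "http://kantarainitiative.org/confluence/display/uma/"
# rel suffix -> (required, must use HTTPS), taken from the two tables above
RELS = {
    "host_user_uri": (True, False),
    "host_token_uri": (True, False),
    "host_resource_details_uri": (True, True),
    "host_token_validation_uri": (False, True),
    "req_user_uri": (True, False),
    "req_token_uri": (True, False),
}

def check_hostmeta(xml_bytes):
    """Return (endpoints, problems) for an AM hostmeta document."""
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        return {}, ["DTD/entity declarations refused (precaution added here)"]
    endpoints, problems = {}, []
    for link in ET.fromstring(xml_bytes).iter("{%s}Link" % XRD_NS):
        rel, href = link.get("rel", ""), link.get("href", "")
        name = rel[len(BASE):] if rel.startswith(BASE) else None
        if name in RELS:
            endpoints[name] = href
    for name, (required, https_only) in RELS.items():
        href = endpoints.get(name)
        if href is None:
            if required:
                problems.append(f"{name}: required link is missing")
            continue
        parts = urlsplit(href)
        if not parts.hostname:
            problems.append(f"{name}: href is not an absolute URI")
        elif https_only and parts.scheme != "https":
            problems.append(f"{name}: MUST use HTTPS, got {parts.scheme!r}")
    return endpoints, problems

# Constructed sample: resource-details endpoint on plain HTTP, req_token_uri absent.
SAMPLE_HREFS = {
    "host_user_uri": "https://am.example.com/host/user",
    "host_token_uri": "https://am.example.com/host/token",
    "host_resource_details_uri": "http://am.example.com/host/resources",
    "req_user_uri": "https://am.example.com/req/user",
}
SAMPLE = ('<XRD xmlns="%s">' % XRD_NS + "".join(
    f'<Link rel="{BASE}{n}" href="{h}"/>' for n, h in SAMPLE_HREFS.items()
) + "</XRD>").encode()
if __name__ == "__main__":
    print(check_hostmeta(SAMPLE)[1])
```

A host or requester would run such a check before storing the discovered endpoints, so that a host access token is never POSTed to an endpoint the tables require to be HTTPS but that was published otherwise.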
...
Host obtains authorizing user's consent to trust AM for access decisions
...