- From: <Markus.Staud@bmw.de>
- Date: Fri, 2 Sep 2016 11:14:31 +0000
- To: <public-hydra@w3.org>
- Message-ID: <c50e578dc4264965bd669b898cb1503b@smucm07l.europe.bmw.corp>
Hi everyone, as I am new to this community I want to shortly introduce myself. My name is Markus Staud and I am currently doing my master's thesis at BMW in Munich, which got me into JSON-LD and Hydra. When I was going deeper into Hydra and its specification, I was wondering if there is any ongoing discussion regarding how to model authentication flows like OAuth? I was playing around with some ideas myself and came to a couple of conclusions I wanted to share for an open discussion: - An Authentication class would be useful, maybe also derived classes for authorization schemes specifying OAuth 1, OAuth 2 or simple API key? - Properties for OAuth2 I identified so far would be grant_type, authorization_endpoint, token_endpoint - Should an authentication property in the ApiDocumentation provide a model of the authorization flow? - As operations then usually need a token or credentials, there would need to be some property indicating this - This token can either be in the URI as a query parameter, in a Header or within the body While I am continuing to work on something like an extension to hydra to model these relations/processes I would welcome any input! Thank you in advance! Markus
Received on Friday, 2 September 2016 11:15:10 UTC