OAuth 2 provider for Frappe Apps

The OAuth 2 token from all request headers is validated.
This way it works with many standard OAuth 2 clients, like Python rauth and Postman.
I managed to connect Android Authenticator/SyncAdapter using standard OAuth2 Flow.

The community is also discussing a Magento OAuth 2 connector.

Reference:
https://github.com/frappe/frappe/blob/develop/frappe/api.py#L38
https://github.com/frappe/frappe/blob/develop/frappe/api.py#L131

Right now, access_token stores the user, and the stored user is set in validate_oauth().

This gives the access_token all the permissions the user has.

Scopes are validated, i.e. only the scopes stored in the OAuth 2 client are valid.

Also, if openid is present in the scope, an id_token is sent along with the response.

So if you have ideas to connect scopes and roles, it’ll be awesome!

For the steps, go for it! Fork the Frappe develop branch and create a feature branch on your fork. Tag me on the PR and I’ll collaborate.

All the above apps must not break after the upgrade. If some change is required, we will also have to update the documentation.

openid_profile endpoint
Standard Claims Draft: OpenID Connect Basic Client Profile 1.0 - draft 28

Roles can be an additional claim, as mentioned in Draft: OpenID Connect Basic Client Profile 1.0 - draft 28
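One way the scope-to-role idea raised in the post could work, as an added example that is not part of the original post and not Frappe's code: requested scopes are checked against the client's stored scopes, then the user's roles are narrowed to those the granted scopes map to. The scope names, the scope-to-role map, the user and all function names are assumptions constructed for illustration.

```python
# Added sketch, not Frappe code. Every name and value below is hypothetical.
CLIENT_SCOPES = {"openid", "all", "sales"}  # scopes stored on the OAuth 2 client (constructed)
SCOPE_ROLES = {"sales": {"Sales User"}, "all": None}  # None = unrestricted, i.e. today's behaviour
USER_ROLES = {"jane@example.com": {"Sales User", "System Manager"}}  # constructed user


def validate_scopes(requested, client_scopes=CLIENT_SCOPES):
    """Return the requested scopes as a set; reject anything not stored on the client."""
    scopes = set(requested.split())
    unknown = scopes - client_scopes
    if not scopes or unknown:
        raise ValueError(f"invalid_scope: {sorted(unknown)}")
    return scopes


def effective_roles(user, scopes):
    """Roles the token may exercise: the user's roles intersected with the scope map."""
    user_roles = USER_ROLES[user]
    allowed = set()
    for scope in scopes:
        if scope not in SCOPE_ROLES:
            continue  # identity scopes such as openid grant no roles
        mapped = SCOPE_ROLES[scope]
        if mapped is None:
            return set(user_roles)  # unrestricted scope: token inherits every user role
        allowed |= mapped
    # A scope can never grant a role the user does not already hold.
    return user_roles & allowed


def token_response(user, requested_scope):
    """Build the token record; add roles as an extra id_token claim when openid is granted."""
    scopes = validate_scopes(requested_scope)
    roles = sorted(effective_roles(user, scopes))
    response = {"access_token": "<opaque token>", "scope": " ".join(sorted(scopes)), "roles": roles}
    if "openid" in scopes:
        response["id_token_claims"] = {"sub": user, "roles": roles}
    return response


if __name__ == "__main__":
    print(token_response("jane@example.com", "openid sales"))
    print(token_response("jane@example.com", "all"))
```

Keeping an unrestricted scope in the map is what lets existing clients continue to work after an upgrade, while new clients can request narrower scopes.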