| author | mo khan <mo@mokhan.ca> | 2022-03-30 12:34:49 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2022-03-30 12:34:49 -0600 |
| commit | 42f6ff85ee1021d69aaf119d42fb6c5b76752c03 (patch) | |
| tree | dfac8992a06a7c39ac688d3990f2a71ad3357eaf | |
| parent | 40b45715e60c9faf5d233a64f5775f808b549a43 (diff) | |
docs: describe grant extensions
| -rw-r--r-- | doc/authz/OAUTH.md | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/doc/authz/OAUTH.md b/doc/authz/OAUTH.md index de71c1b..d88dbc2 100644 --- a/doc/authz/OAUTH.md +++ b/doc/authz/OAUTH.md @@ -134,6 +134,11 @@ Terraform Cloud token scheme to slowly align with the permissions scheme devised by HCP. Existing Authn/Authz enforcement can remain and be upgraded gradually until all old tokens are eventually expired. +Using OAuth 2.0 allows us to extend our existing system by introducing ways to +accept new grant types like the [SAML Assertion Grant][7], [JWT Assertion Grant][8], +[Device Authz Grant][9] etc. It allows Terraform to integrate with [other vendors][10] +via a Standards based approach that has been peer reviewed by the wider industry. + ## Expected Downsides <!-- Not exhaustive, but what are some initial concerns? --> @@ -157,4 +162,7 @@ understand the interface between services and how they can be extended/attacked. [4]: https://github.com/hashicorp/cloud-idp [5]: https://datatracker.ietf.org/doc/html/rfc6749 [6]: https://rubygems.org/gems/devise - +[7]: https://datatracker.ietf.org/doc/html/rfc7522 +[8]: https://datatracker.ietf.org/doc/html/rfc7523 +[9]: https://datatracker.ietf.org/doc/html/rfc8628 +[10]: https://openid.net/specs/openid-connect-core-1_0.html#ThirdPartyInitiatedLogin |
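Review bot: The paragraph added at `@@ -134,6 +134,11 @@` presents the new grant types only as a benefit, although it sits directly above "## Expected Downsides". Every grant type the token endpoint accepts is another input to validate: signature, issuer, audience and expiry for the assertion grants [7] and [8], and user-code handling and polling for the device grant [9]. Please check that Expected Downsides says grant types are enabled one at a time and each gets its own review. Wording: "Standards based" should read "standards-based", "Device Authz Grant" should use the RFC 8628 title "Device Authorization Grant", and "etc." needs a comma before it.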
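Review bot: Reference `[10]` added at `@@ -157,4 +162,7 @@` points at the OpenID Connect Core section on third-party initiated login, but the paragraph cites it with the link text "other vendors" in a sentence about OAuth 2.0 grant types. A reader following the link lands on an OIDC login-initiation mechanism, not a list of vendors and not a grant type. Suggest naming the spec in the link text, or moving the citation into its own sentence that says OpenID Connect is the layer being referred to.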
