| author | mo khan <mo@mokhan.ca> | 2022-03-30 13:50:48 -0600 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-03-30 13:50:48 -0600 |
| commit | f62315ef13ef48aafa6c130709732270986bfd5f (patch) | |
| tree | da51ef259efb1ecbf4010c6d1ecd0fbb1746b873 | |
| parent | 7bd8dd84924b54804e67f82c162ba2c2ff13d966 (diff) | |
Update OAUTH.md
| -rw-r--r-- | doc/authz/OAUTH.md | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/doc/authz/OAUTH.md b/doc/authz/OAUTH.md index 3ea6332..460b915 100644 --- a/doc/authz/OAUTH.md +++ b/doc/authz/OAUTH.md @@ -39,7 +39,7 @@ Protocol Flow * [RFC-6749 - OAuth 2.0][5] -The `AccessToken` and/or `IDToken` will use the [JWT][] scheme with the some of +The `AccessToken` and/or `IDToken` will use the [JWT][12] scheme with the some of the standard claims. The `scope` claim will include a space delimited list of permissions that the current subject is entitled to. @@ -129,7 +129,7 @@ Resource Owner. This allows Terraform Cloud to delegate authorization using a standard protocol that can be replaced by other implementations that adhere to the protocols -without needing to directly couple to HCP. It will also also the upgrade of the +without needing to directly couple to HCP. It will also allow the upgrade of the Terraform Cloud token scheme to slowly align with the permissions scheme devised by HCP. Existing Authn/Authz enforcement can remain and be upgraded gradually until all old tokens are eventually expired. @@ -167,3 +167,4 @@ understand the interface between services and how they can be extended/attacked. [9]: https://datatracker.ietf.org/doc/html/rfc8628 [10]: https://openid.net/specs/openid-connect-core-1_0.html#ThirdPartyInitiatedLogin [11]: https://www.mokhan.ca/f3a609d2c422d4d2ef1d761be4323c3955b21513f7613993acaec30dd4f76dde.html +[12]: https://datatracker.ietf.org/doc/html/rfc7519 |
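Review bot: the changed line in the first hunk (@@ -39,7 +39,7 @@) still reads "with the some of the standard claims"; drop the stray "the" while this line is being touched, so it reads "with some of the standard claims". The sentence also leaves open which standard claims the `AccessToken` and `IDToken` carry. Now that `[12]` points at RFC 7519, consider naming the registered claims that consumers are expected to validate (for example `iss`, `aud`, `exp`) next to the existing description of `scope`.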
