| -rw-r--r-- | doc/authz/OAUTH.md | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/doc/authz/OAUTH.md b/doc/authz/OAUTH.md index de71c1b..d88dbc2 100644 --- a/doc/authz/OAUTH.md +++ b/doc/authz/OAUTH.md @@ -134,6 +134,11 @@ Terraform Cloud token scheme to slowly align with the permissions scheme devised by HCP. Existing Authn/Authz enforcement can remain and be upgraded gradually until all old tokens are eventually expired. +Using OAuth 2.0 allows us to extend our existing system by introducing ways to +accept new grant types like the [SAML Assertion Grant][7], [JWT Assertion Grant][8], +[Device Authz Grant][9] etc. It allows Terraform to integrate with [other vendors][10] +via a Standards based approach that has been peer reviewed by the wider industry. + ## Expected Downsides <!-- Not exhaustive, but what are some initial concerns? --> @@ -157,4 +162,7 @@ understand the interface between services and how they can be extended/attacked. [4]: https://github.com/hashicorp/cloud-idp [5]: https://datatracker.ietf.org/doc/html/rfc6749 [6]: https://rubygems.org/gems/devise - +[7]: https://datatracker.ietf.org/doc/html/rfc7522 +[8]: https://datatracker.ietf.org/doc/html/rfc7523 +[9]: https://datatracker.ietf.org/doc/html/rfc8628 +[10]: https://openid.net/specs/openid-connect-core-1_0.html#ThirdPartyInitiatedLogin |
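Review bot: The new paragraph added before "## Expected Downsides" presents the assertion and device grants purely as a benefit and ends the list with "etc.", so a reader cannot tell which grant types are actually in scope. Each grant listed widens what the token endpoint has to trust: the SAML and JWT assertion grants mean accepting assertions signed by an external issuer, and the device grant adds a polling flow where the user approves on a separate device. Suggest naming the grants that are planned, dropping "etc.", and adding a matching entry under Expected Downsides. Wording nits in the same lines: "Standards based" should be "standards-based", and "Device Authz Grant" should be spelled out as "Device Authorization Grant" to match the RFC 8628 title.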
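Review bot: In the reference hunk, `[10]` deep-links to `openid-connect-core-1_0.html#ThirdPartyInitiatedLogin`, which is an OpenID Connect section, while the sentence that cites it opens with "Using OAuth 2.0 allows us" and uses the link text "other vendors". Suggest either changing the link text to say that this is OpenID Connect third-party initiated login, or rewording the sentence so it is clear that vendor integration depends on OIDC layered on top of OAuth 2.0. References `[7]` to `[9]` follow the datatracker URL style already used by `[5]`, which is fine.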
