From 1c7063a09354ae0d83a6338e81b2fc734e9da283 Mon Sep 17 00:00:00 2001 From: Gerard Snaauw Date: Tue, 14 May 2024 14:08:45 +0200 Subject: [PATCH] add docs --- docs/pages/deployment/oauth.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/pages/deployment/oauth.rst b/docs/pages/deployment/oauth.rst index afec837a68..cb4e54c718 100644 --- a/docs/pages/deployment/oauth.rst +++ b/docs/pages/deployment/oauth.rst @@ -25,6 +25,7 @@ Authorization Code Flow For the authorization code flow, the Nuts node implements the following: - JAR (JWT Secured Authorization Request) for both the initial authorization request as well as the OpenID4VP authorization request. + All request use the ``request_uri`` parameter meaning that other request parameters cannot be inspected in the authorization request itself. - PKCE (Proof Key for Code Exchange) for the authorization code flow. The call of the initial authorization request is linked to the token request. - DPoP (Demonstrating Proof of Possession) for the token request. Each resources request will require a new DPoP Proof header. The resource server is also required to check this header in an additional step after the token introspection.
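Review bot: the sentence added under the JAR bullet reads "All request use the ``request_uri`` parameter", which should be "All requests use the ``request_uri`` parameter, meaning that ...", and it does not say who is unable to inspect the other parameters or where they can be found instead. Consider spelling out that the request object is passed by reference, so the remaining parameters are only visible to a party that retrieves the JWT from the ``request_uri``, not to someone reading the authorization request URL itself (for example in a redirect or an access log). Since the bullet covers both the initial authorization request and the OpenID4VP authorization request, it would also help to state explicitly that the new sentence applies to both.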