Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement Security Bootstrapping #3081

Open
benfrancis opened this issue Apr 5, 2023 · 1 comment
Open

Implement Security Bootstrapping #3081

benfrancis opened this issue Apr 5, 2023 · 1 comment
Labels
oauth OAuth implementation and support task w3c-compliance wot-discovery W3C WoT Discovery specification
Milestone
2.0

Comments

@benfrancis
Copy link
Member

benfrancis commented Apr 5, 2023
edited
Loading

In the WoT Discovery specification, "security bootstrapping" requires that an unauthenticated request for a Thing Description is responded to in a certain way such that a Consumer knows how to authenticate in order to access the resource.

WebThings Gateway already responds with a 401 response if a valid JWT is not provided, which would be valid for the Bearer security scheme if a WWW-Authenticate header was also provided. Alternatively, if the OAuth2 scheme is used it should respond with a 302 or 303 response and implement the full OAuth2 flow.

Note that authenticating access to the Thing Description is technically different to authenticating access to the Thing's interaction affordances, which is what the security metadata inside the Thing Description is for. Currently WebThings Gateway uses the same security mechanism (JWT tokens) for both. It claims to use OAuth2 for interaction affordances, but that doesn't appear to be fully implemented.
@benfrancis benfrancis added w3c-compliance wot-discovery W3C WoT Discovery specification labels Apr 5, 2023
@benfrancis benfrancis added this to the 2.0 milestone Apr 5, 2023
@benfrancis benfrancis moved this to Product Backlog in WebThings Gateway Jul 9, 2024
@benfrancis benfrancis removed the status in WebThings Gateway Jul 9, 2024
@benfrancis benfrancis moved this to Product Backlog in WebThings Gateway Jul 9, 2024
@benfrancis
Copy link
Member Author

See also: w3c/wot-discovery#549

@benfrancis benfrancis added oauth OAuth implementation and support task labels Jul 30, 2024
@benfrancis benfrancis mentioned this issue Jul 30, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
oauth OAuth implementation and support task w3c-compliance wot-discovery W3C WoT Discovery specification
Projects
WebThings Gateway
Status: Product Backlog
Milestone
2.0
Development

No branches or pull requests
1 participant
@benfrancis