Michael Schwartz
Michael Schwartz
Also, if you are getting a 503, we'd want the web server log and oxauth log. That's a valid FQDN, but I don't see anyone doing that.
Three cheers!
re: `runIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims` ... it is a little long. Frankly, we now have the Update Token script. A little shorter: `runIntrospectionScriptBeforeJwtCreation` ?
IMHO, It's implicit it's the access token because it's the introspection endpoint
Perhaps what we should do is add some `TODO` items into the script and publish it, because it is a third party script, not core code.
What should we call this endpoint? `/agama-assets` ?
I'd be happy to join the call on Jan 6. To build trust, you need both "tools and rules". Any authentication/authorization system (like Janssen auth-server) is only useful after identity...
Yes, I have it on my schedule for 11am US Central time on Google Hangouts.
We never assigned a resource to this at Gluu. So we haven't done anything.
You can provide some guidelines for different platforms. I think it also requires gcc, which not every system will have (i.e. docker container won't have gcc...)