DPoP: Extending Client to store Client ID (Linked-Data Resource)
In the Solid-OIDC Primer the client-id given is a linked-data resource
Currently, the Client
model stores an id
(internal) and a website
(homepage), neither of which are suitable for this purpose
We should extend the model, or possibly replace the internal client id
with the linked-data resource format
This is non-blocking as we can store it in the website field in the short-term
...
Also required from the Solid-OIDC Spec:
If an app WebID is provided as the client id (see note above to see other options), we must fetch that app WebID to confirm its validity.
This will require work RS-side as well (djangoldp_account)
-
AuthorizeEndpoint.validate_params
should also validate the redirect_uri matches the client ID