:PROPERTIES:
:ID:       0dceeeca-7c23-41a8-b9dc-4642a09618db
:END:
#+title: Custom Routes
#+Author: Yann Esposito
#+Date: [2022-10-17]

- tags :: [[id:ce893df9-32a4-44e0-9eb5-b9817141ee6a][cisco]]
- source :: https://github.com/advthreat/iroh/issues/5411
* Reference

https://github.com/advthreat/iroh/issues/5411


We propose to provide two new endpoints to simplify and standardize this
integration system.

- ~POST /iroh/oauth/custom/code~ that could only called using a user's JWT with
  the ~oauth:write~ scope. Given a ~client-id~ it will grant that client
  (no need to pass via the CSRF token step) and returns a code
  (directly and not a URL the client would need to parse)
- ~POST /iroh/oauth/custom/tokens~ that could only be called using a user's JWT
  with the ~oauth:write~ scope.

This route also need a ~client_id~, ~client_secret~.
This will grant the client on behalf of the user and returns a classical ~/token~
response.