eduID / eduBadges / mobile API integration #551
Description
In eduID there is an endpoint to fetch all linked schac_home and eppn values for a certain user. EduID is acting as Resource Sever for this endpoint and the endpoint is secured with an access_token scoped on the user. EduBadges already uses this endpoint for some time.
The new mobile app for edubadges will use new mobile API endpoints in eduBadges server. One the calls is /mobile/api/login where the user is retrieved based on an access_token obtained by the mobile app in the OIDC flow of SURFconext. Part of the user info are the eppn values. In theory those can change or disappear , so the eduBadges server will call the links endpoint in eduID again, using the access_token of the mobile app. The scope that is used therefore already existed in Manage, but was not exposed in the well_known_configuration. This has been added in 7fc6032.
Request is a new release of OIDC-NG and oidc-playground-server on the test (NOT test2) to test the new flow. Locally it already works.