From 37b2898920c8429a27f5bd4b690cf38bf7d8ce8d Mon Sep 17 00:00:00 2001 From: Giuseppe Lo Presti Date: Mon, 25 May 2026 17:21:33 +0200 Subject: [PATCH 01/12] New edition of the webapp protocol, following discussions --- spec.yaml | 159 ++++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 124 insertions(+), 35 deletions(-) diff --git a/spec.yaml b/spec.yaml index 189d8e5..9f911ff 100644 --- a/spec.yaml +++ b/spec.yaml 
@@ -409,27 +409,81 @@ components: The top-level WebDAV path at this endpoint. In order to access a remote shared resource, implementations SHOULD use this path as a prefix (see sharing examples). + webdav-receive: + type: object + description: > + Implementations that support receiving WebDAV shares SHOULD + advertise them here. Note though that older implementations MAY + not support this property. + properties: + uri: + type: string + description: > + This property signals that this endpoint is capable of + receiving `webdav` shares with the given URI format. + The value MUST be either `"absolute"` or `"relative"`. + enum: + - absolute + - relative webapp: - type: string + type: object description: > - The top-level path for web apps at this endpoint. In order to - access a remote web app, implementations SHOULD use this path - as a prefix (see sharing examples). + Implementations that support sending WebApp shares MUST advertise + them here, with an empty object as value. + webapp-receive: + type: object + description: > + Implementations that support receiving WebApp shares MUST + advertise them here. + properties: + targets: + type: array + description: > + The target values this endpoint supports as receiver of + a webapp share, similar to the target attributes in an + HTML `` tag. + - "blank" signals that this endpoint supports opening + the URI in a new window or tab. + - "iframe" signals that this endpoint supports opening + the URI in the same browsing context, within an iframe, + and that it can set CORS headers. + - "popup" signals that this endpoint supports opening + the URI in an embedded popup window, and that it can + set CORS headers. + items: + type: string + enum: + - blank + - iframe + - popup ssh: type: string description: > The top-level address in the form `host:port` of an endpoint that supports ssh and scp with a public/private key based authentication. 
+ ssh-receive: + type: object + description: > + Implementations that support receiving SSH shares MUST + advertise them here, with an empty object as value. additionalProperties: - type: string + type: object description: > - Any additional protocol supported for this resource type MAY + Any additional protocol supported for this resource type SHOULD be advertised here, where the value MAY correspond to a top-level - URI to be used for that protocol. + URI to be used for that protocol, or any other relevant + attribute required for that protocol. Similarly, additional + receiving capabilities for custom protocols SHOULD be advertised. example: webdav: /remote/dav/ocm/ - webapp: /apps/ocm/ + webdav-receive: { + "uri": "absolute" + } + webapp: {} + webapp-receive: { + "targets": ["blank", "iframe"] + } talk: /apps/spreed/api/ capabilities: type: array @@ -446,10 +500,9 @@ components: - invite-wayf - notifications - protocol-object - - webdav-uri example: - - webdav-uri - protocol-object + - invites - http-sig criteria: type: array @@ -665,12 +718,12 @@ components: uri: type: string description: > - An URI to access the remote resource. The URI SHOULD be relative, + An URI to access the remote resource. The URI MAY be relative, such as a key or a UUID, in which case the prefix exposed by the `/.well-known/ocm` endpoint MUST be used to access the resource, or - it MAY be absolute, including a hostname. The latter is deprecated. + it MAY be absolute, including a hostname. In all cases, for a `folder` resource, the composed URI acts - as the root path, such that other files located within it SHOULD + as the root path, such that other files located within it MUST be accessible by appending their relative path to that URI. sharedSecret: type: string 
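Review bot: The `webdav-receive` description says older implementations may omit the property, but neither it nor the `uri` enum says which URI form a Sending Server must fall back to when the property is absent, so the legacy case is left undefined while both `absolute` and `relative` are now permitted. Given that the replaced text made relative URIs the SHOULD case, the fallback is presumably relative, but that should be stated rather than inferred by each implementer. I would append to the `webdav-receive` description: `If this property is absent, senders SHOULD assume "relative".` The enclosing `webdav` property starts before this hunk.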
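Review bot: Un-deprecating absolute `uri` values means the Receiving Server's backend will issue WebDAV requests to whatever host the share payload names, and nothing in this description ties that host to the Sending Server; a peer can thereby point the receiver at internal or loopback addresses and have the responses surfaced to its users (SSRF). The relative form avoids this because the prefix is taken from the sender's own discovery document. I would add to the description: `If absolute, the receiver MUST verify that the URI uses https and that its host is the Sending Server from which the share was received (e.g. the host resolved through its /.well-known/ocm endpoint) before accessing it.` Whether existing receivers already apply such a check is not visible in this patch.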
@@ -726,32 +779,63 @@ components: description: > An URI to a client-browsable view of the remote resource, such that users may use a web application available at the sender site. - The URI SHOULD be relative, such as a key or a UUID, in which case - the prefix exposed by the `/.well-known/ocm` endpoint MUST be used - to access the resource, or it MAY be absolute, including a hostname. - Similar considerations as for the `webdav` case apply here. - In all cases, for a `folder` resource, the composed URI acts - as the root path, such that other files located within SHOULD - be accessible by appending their relative path to that URI. - viewMode: - type: string - description: | + The URI MUST be absolute, including a hostname. In case the + underlying resource is a folder, the URI MUST act as a root path, + such that files located within the folder are made accessible in + the web app by appending their relative path to the URI. + targets: + type: array + description: > + The target attribute values to be used when opening the URI, such + as in an HTML `` tag.If omitted, it defaults to `["blank"]`. + - "blank" signals the recipient to open the URI in a new window or tab. + - "iframe" signals the recipient to open the URI in the same browsing + context, within an iframe. CORS headers MUST be properly set. + - "popup" signals the recipient to open the URI in an embedded popup + window. CORS headers MUST be properly set. + items: + type: string + enum: + - blank + - iframe + - popup + permissions: + type: array + description: > The permissions granted to the sharee. - `view` allows access to the web app in view-only mode. - `read` allows read and download access via the web app. - `write` allows full editing rights via the web app. - enum: - - view - - read - - write + - `share` allows re-share rights on the resource. This only + applies to web apps that provide a mechanism for re-sharing. 
+ items: + type: string + enum: + - view + - read + - write + - share sharedSecret: type: string description: > - An optional secret to be used to access the remote web app, such as - a bearer token. To prevent leaking it in logs it MUST NOT appear - in any URI. In a multi-protocol share scenario with WebDAV, the - access requirements provided in the `webdav` part MUST apply for - `webapp` accesses as well. + A secret for accessing the remote web app, such as a bearer token. + To give access to the remote app, the receiver MUST perform a HTTP + POST request to the given URI, with the shared secret in a form field + named `access_token`. To prevent leaking it in logs it MUST NOT appear + in any URI. In a multi-protocol share scenario with WebDAV, the access + requirements provided in the `webdav` part MUST apply for `webapp` + accesses as well. + appName: + type: string + description: > + An optional human-friendly name of the web application to be used + in user interfaces when referring to this share. + appIcon: + type: string + description: > + An optional URI to an icon representing the web application, to be + used in user interfaces when referring to this share. The URI MUST + be absolute, including a hostname. ssh: type: object properties: @@ -801,16 +885,21 @@ components: name: multi webdav: accessTypes: ['remote', 'datatx'] - uri: 7c084226-d9a1-11e6-bf26-cec0c932ce01 + uri: https://cloud.example.org/remote/dav/ocm/7c084226-d9a1-11e6-bf26-cec0c932ce01 sharedSecret: hfiuhworzwnur98d3wjiwhr permissions: - read requirements: - must-use-mfa webapp: - uri: 7c084226-d9a1-11e6-bf26-cec0c932ce01 + uri: https://apps.example.org/codimd/7c084226-d9a1-11e6-bf26-cec0c932ce01 sharedSecret: hfiuhworzwnur98d3wjiwhr - viewMode: read + targets: + - blank + permissions: + - read + appName: CodiMD + appIcon: https://apps.example.org/assets/codimd-icon.png ssh: accessTypes: ['datatx'] uri: extuser@cloud.example.org:/7c084226-d9a1-11e6-bf26-cec0c932ce01 
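Review bot: `webapp.uri` is now required to be absolute and is opened in the end user's browser, but nothing in this description constrains its scheme or host, so a share notification from a federated peer becomes an open-redirect/phishing primitive pointing at any site the sender likes, labelled with the `appName` and `appIcon` the same hunk lets the sender choose. The WebDAV part at least binds access to the Sending Server's discovery prefix in the relative case; webapp has no such binding. I would add to the `uri` description: `The URI MUST use https, and the receiver MUST verify that its host belongs to the Sending Server from which the share was received before presenting it to the user.` Separately, `` tag.If omitted `` in the `targets` description is missing a space after the period.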
From caa3bc0426c31002d2d6ee51875b59ef155d1b17 Mon Sep 17 00:00:00 2001 From: Giuseppe Lo Presti Date: Sat, 30 May 2026 17:29:11 +0200 Subject: [PATCH 02/12] Include option for data URI --- spec.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/spec.yaml b/spec.yaml index 9f911ff..28e31df 100644 --- a/spec.yaml +++ b/spec.yaml @@ -834,8 +834,9 @@ components: type: string description: > An optional URI to an icon representing the web application, to be - used in user interfaces when referring to this share. The URI MUST - be absolute, including a hostname. + used in user interfaces when referring to this share. An embedded + data URI can be used. Alternatively, if a regular URI is used, + it MUST be absolute, including a hostname. ssh: type: object properties: From 4b1231beefb3379e370ee34210d08041ed6bb87f Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 1 Jun 2026 10:09:19 +0200 Subject: [PATCH 03/12] Update webapp share I-D text Signed-off-by: Micke Nordin --- IETF-RFC.md | 105 ++++++++++++++++++++++++++++++++++++++++++++-------- spec.yaml | 39 ++++++++++--------- 2 files changed, 112 insertions(+), 32 deletions(-) diff --git a/IETF-RFC.md b/IETF-RFC.md index 1c2896d..845b1cd 100644 --- a/IETF-RFC.md +++ b/IETF-RFC.md 
@@ -692,25 +692,52 @@ contain the following information about its OCM API: ~~~ { "webdav": "/remote/dav/ocm/", - "webapp": "/app/ocm/", + "webdav-receive": { "uri": "absolute" }, + "webapp": {}, + "webapp-receive": { "targets": ["blank", "iframe"] }, "talk": "/apps/spreed/api/" } ~~~ {: type="json"} + The `protocols` object distinguishes a server's role for each + protocol: a property named after the protocol (e.g. `webdav`, + `webapp`, `ssh`) advertises support for acting as a Sending + Server, while a property suffixed with `-receive` (e.g. + `webdav-receive`, `webapp-receive`, `ssh-receive`) advertises + support for acting as a Receiving Server. + Fields: - webdav (string) - The top-level WebDAV [RFC4918] path at this endpoint. In order to access a Remote Resource, implementations SHOULD use this path as a prefix (see sharing examples). - - webapp (string) - The top-level path for web apps at this - endpoint. In order to access a remote web app, implementations - SHOULD use this path as a prefix (see sharing examples). + - webdav-receive (object) - Advertised by implementations that + support receiving WebDAV shares. It contains a `uri` property + whose value MUST be either `"absolute"` or `"relative"`, + signalling the URI format this endpoint accepts. Note that + older implementations MAY not support this property. + - webapp (object) - Advertised, as an empty object, by + implementations that support sending WebApp shares. + - webapp-receive (object) - Advertised by implementations that + support receiving WebApp shares. It contains a `targets` + array listing the ways this endpoint is able to present a + WebApp share to the user. A subset of: + - `blank` - the endpoint can open the URI in a new window or + tab. + - `redirect` - the endpoint can navigate the browser to the + URI, replacing the current page. + - `iframe` - the endpoint can embed the URI in an iframe + within its own UI, and can set CORS headers. 
- ssh (string) - The top-level address in the form `host:port` of an endpoint that supports ssh and scp with a public/private key based authentication. + - ssh-receive (object) - Advertised, as an empty object, by + implementations that support receiving SSH shares. - Any additional protocol supported for this Resource type MAY be advertised here, where the value MAY correspond to - a top-level URI to be used for that protocol. + a top-level URI to be used for that protocol. Similarly, + additional receiving capabilities for custom protocols SHOULD + be advertised using a `-receive` suffixed property. * OPTIONAL: capabilities (array of string) - The optional capabilities supported by this OCM Server. As implementations MUST accept Share Creation Notifications 
@@ -947,20 +974,49 @@ voluntarily. especially in case of `datatx` access type. * Protocol details for `webapp` MAY contain: - REQUIRED uri (string) - A URI to a client-browsable view of the Shared - Resource, such that users MAY use the web - applications available at the site. The URI SHOULD - be relative, in which case the prefix exposed by - the `/.well-known/ocm` endpoint MUST be used. - Absolute URIs are deprecated. - - REQUIRED viewMode (string) - The permissions granted to the sharee. A subset of: + A URI to a client-browsable view of the Shared Resource, such + that users MAY use a web application available at the Sending + Server. The URI MUST be absolute, including a hostname. In + case the underlying Resource is a folder, the URI MUST act as a + root path, such that files located within the folder are made + accessible in the web app by appending their relative path to + the URI. + - REQUIRED targets (array of strings) - How the recipient SHOULD + present the URI to the user. MUST NOT be empty. A subset of: + - `blank` signals the recipient to open the URI in a new window + or tab. + - `redirect` signals the recipient to navigate the browser to + the URI, replacing the current page. + - `iframe` signals the recipient to embed the URI in an iframe + within its own UI. CORS headers MUST be properly set. + A Sending Server MUST NOT offer a target that the recipient did + not advertise in its `webapp-receive` discovery property. + - REQUIRED permissions (array of strings) - + The permissions granted to the sharee. MUST NOT be empty. + A subset of: - `view` allows access to the web app in view-only mode. - `read` allows read and download access via the web app. - `write` allows full editing rights via the web app. + - `share` allows re-share rights on the Resource. This only + applies to web apps that provide a mechanism for re-sharing. 
- OPTIONAL sharedSecret (string) - An optional secret to be used to access the remote - web app, for example in the form of a bearer token. + A secret for accessing the remote web app, such as a bearer + token. To give access to the remote app, the receiver MUST + perform an HTTP POST request to the given `uri`, passing the + shared secret in a form field named `access_token` (see + [Resource Access](#resource-access)). To prevent leaking it in + logs it MUST NOT appear in any URI. In a multi-protocol Share + that also offers WebDAV, the access requirements provided in the + `webdav` part (such as `must-exchange-token`) MUST apply to + `webapp` accesses as well. + - OPTIONAL appName (string) + A human-friendly name of the web application, to be used in user + interfaces when referring to this Share. + - OPTIONAL appIcon (string) + A URI to an icon representing the web application, to be used in + user interfaces when referring to this Share. An embedded data + URI MAY be used; alternatively, if a regular URI is used, it MUST + be absolute, including a hostname. * Protocol details for `ssh` MAY contain: - OPTIONAL accessTypes (array of strings) - The type of access being granted to the remote resource. If omitted, it defaults to 
@@ -1163,6 +1219,22 @@ protocol required for access. The procedure is as follows: removed in a future release of the Protocol. If a secret cannot be identified (e.g. because `protocol.options` is undefined), then the receiver SHOULD discard the share as invalid. +6. For the specific case where `protocol.webapp` is available and the + receiver wants to use it, the receiver MUST present the web app to + the user by opening `protocol.webapp.uri` using one of the targets + listed in `protocol.webapp.targets` (defaulting to `blank`), chosen + among those the receiver advertises in its `webapp-receive` + discovery property. If a `protocol.webapp.sharedSecret` is present, + the receiver MUST NOT place it in the URI; instead it MUST deliver + it to the web app via an HTTP POST to `protocol.webapp.uri` with the + secret carried in a form field named `access_token`. This is + typically achieved with an auto-submitting HTML form whose `target` + attribute selects the chosen presentation (e.g. an iframe name, + `_blank`, or `_top`). When the Share also requires token exchange + (see step 3.1, applied via the `webdav` part of a multi-protocol + Share), the receiver MUST first exchange the `sharedSecret` at the + Sending Server's {tokenEndPoint} and POST the resulting bearer token + as the `access_token` value. In all cases, in case the Shared Resource is a folder and the Receiving Server accesses a Resource within that shared folder, it SHOULD append @@ -1928,8 +2000,11 @@ that section. | Protocols | +------------------+ | - ssh | +| - ssh-receive | | - webapp | +| - webapp-receive | | - webdav | +| - webdav-receive | | - ... | +------------------+ ~~~ diff --git a/spec.yaml b/spec.yaml index 28e31df..54ad569 100644 --- a/spec.yaml +++ b/spec.yaml 
@@ -439,23 +439,22 @@ components: targets: type: array description: > - The target values this endpoint supports as receiver of - a webapp share, similar to the target attributes in an - HTML `` tag. + The ways this endpoint is able to present a webapp + share to the user when acting as receiver. - "blank" signals that this endpoint supports opening the URI in a new window or tab. - - "iframe" signals that this endpoint supports opening - the URI in the same browsing context, within an iframe, + - "redirect" signals that this endpoint supports + navigating the browser to the URI, replacing the + current page. + - "iframe" signals that this endpoint supports + embedding the URI in an iframe within its own UI, and that it can set CORS headers. - - "popup" signals that this endpoint supports opening - the URI in an embedded popup window, and that it can - set CORS headers. items: type: string enum: - blank + - redirect - iframe - - popup ssh: type: string description: > @@ -773,6 +772,10 @@ components: in case of `datatx` access type. webapp: type: object + required: + - uri + - targets + - permissions properties: uri: type: string 
@@ -786,23 +789,25 @@ components: targets: type: array description: > - The target attribute values to be used when opening the URI, such - as in an HTML `` tag.If omitted, it defaults to `["blank"]`. + How the recipient should present the URI to the user. + This array is REQUIRED and MUST NOT be empty: a webapp + share without a target is invalid. - "blank" signals the recipient to open the URI in a new window or tab. - - "iframe" signals the recipient to open the URI in the same browsing - context, within an iframe. CORS headers MUST be properly set. - - "popup" signals the recipient to open the URI in an embedded popup - window. CORS headers MUST be properly set. + - "redirect" signals the recipient to navigate the browser to the URI, + replacing the current page. + - "iframe" signals the recipient to embed the URI in an iframe within + its own UI. CORS headers MUST be properly set. items: type: string enum: - blank + - redirect - iframe - - popup permissions: type: array description: > - The permissions granted to the sharee. + The permissions granted to the sharee. This array is + REQUIRED and MUST NOT be empty. - `view` allows access to the web app in view-only mode. - `read` allows read and download access via the web app. - `write` allows full editing rights via the web app. From 5185721eb46d3e0ac8b648c2ceae2619151b1ffd Mon Sep 17 00:00:00 2001 
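Review bot: The new `redirect` target instructs the recipient to replace the current page with a sender-supplied absolute URI, and the description does not say whether this may happen automatically when the share notification is processed or only after the user chooses to open the share; an automatic navigation would let any federated peer redirect the recipient's users at will. I would add to the `redirect` bullet: `Receivers MUST only perform this navigation in response to an explicit user action on the share, never automatically when the share notification is processed.` The same sentence could be stated once for all targets, since `blank` has the same exposure wherever popups are not blocked.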
From: Micke Nordin Date: Thu, 4 Jun 2026 11:44:02 +0200 Subject: [PATCH 04/12] Address PR review on webapp sharing Reconcile the I-D text, OpenAPI spec, and discovery JSON schema per review feedback: - Update schemas/ocm-discovery.json to the sending/receiving protocol model: webapp as object, add webdav-receive/webapp-receive/ssh-receive, allow string-or-object custom protocols. - Enforce required/non-empty constraints in the schema (webdav-receive uri, webapp-receive targets minItems, share-payload targets and permissions minItems). - Replace iframe CORS wording with sender frame-policy language. - Keep webapp sharedSecret server-to-server: exchange at tokenEndPoint first, never expose the raw secret to the browser. - Define the no-common-target case (empty intersection) as unusable instead of defaulting to blank. - Constrain appIcon data URIs to inert image rendering. - Allow absolute WebDAV uri in the I-D to match spec.yaml; add folder root-path semantics. - Remove the withdrawn webdav-uri capability; fix the mfa requirement name to must-use-mfa. Co-authored-by: Mahdi Baghbani <13681688+MahdiBaghbani@users.noreply.github.com> --- IETF-RFC.md | 79 ++++++++++++++++++++------------------ schemas/ocm-discovery.json | 48 +++++++++++++++++++---- spec.yaml | 39 +++++++++++++------ 3 files changed, 110 insertions(+), 56 deletions(-) diff --git a/IETF-RFC.md b/IETF-RFC.md index 845b1cd..f8a688c 100644 --- a/IETF-RFC.md +++ b/IETF-RFC.md @@ -727,7 +727,8 @@ contain the following information about its OCM API: - `redirect` - the endpoint can navigate the browser to the URI, replacing the current page. - `iframe` - the endpoint can embed the URI in an iframe - within its own UI, and can set CORS headers. + within its own UI, when the Sending Server allows framing + by this receiver. - ssh (string) - The top-level address in the form `host:port` of an endpoint that supports ssh and scp with a public/private key based authentication. 
@@ -743,7 +744,7 @@ contain the following information about its OCM API: As implementations MUST accept Share Creation Notifications to be compliant, it is not necessary to expose that as a capability. - Example: `["exchange-token", "webdav-uri"]`. The array MAY + Example: `["exchange-token", "protocol-object"]`. The array MAY include one or more of the following items: - `"enforce-mfa"` - to indicate that this OCM Server can apply a Sending Server's MFA requirements for a Share on their behalf. @@ -764,9 +765,6 @@ contain the following information about its OCM API: notifications to exchange updates on shares and invites. - `"invite-wayf"` - to indicate that this OCM Server exposes a WAYF Page to facilitate the Invite flow. - - `"webdav-uri"` - to indicate that this OCM Server can append a - relative URI to the path listed for WebDAV [RFC4918] in the - appropriate `resourceTypes` entry - `"protocol-object"` - to indicate that this OCM Server can receive a Share Creation Notification whose `protocol` object contains one property per supported protocol instead of containing 
@@ -943,10 +941,13 @@ voluntarily. cache operations on the Sending Server. The recipient MAY delegate a third-party service to execute the data transfer on their behalf. - REQUIRED uri (string) - A URI to access the Remote Resource. The URI - SHOULD be relative, in which case the prefix - exposed by the `/.well-known/ocm` endpoint MUST - be used. Absolute URIs are deprecated. + A URI to access the Remote Resource. The URI MAY be relative, + such as a key or a UUID, in which case the prefix exposed by the + `/.well-known/ocm` endpoint MUST be used to access the Resource, + or it MAY be absolute, including a hostname. In all cases, for a + `folder` Resource, the composed URI acts as the root path, such + that other files located within it MUST be accessible by + appending their relative path to that URI. - REQUIRED sharedSecret (string) A secret to be used to access the Resource, such as a bearer token. To prevent leaking it in logs it @@ -982,13 +983,15 @@ voluntarily. accessible in the web app by appending their relative path to the URI. - REQUIRED targets (array of strings) - How the recipient SHOULD - present the URI to the user. MUST NOT be empty. A subset of: + present the URI to the user. The `targets` array MUST NOT be + empty. A subset of: - `blank` signals the recipient to open the URI in a new window or tab. - `redirect` signals the recipient to navigate the browser to the URI, replacing the current page. - `iframe` signals the recipient to embed the URI in an iframe - within its own UI. CORS headers MUST be properly set. + within its own UI, when the Sending Server allows framing by + this receiver. A Sending Server MUST NOT offer a target that the recipient did not advertise in its `webapp-receive` discovery property. - REQUIRED permissions (array of strings) - 
@@ -1000,23 +1003,26 @@ voluntarily. - `share` allows re-share rights on the Resource. This only applies to web apps that provide a mechanism for re-sharing. - OPTIONAL sharedSecret (string) - A secret for accessing the remote web app, such as a bearer - token. To give access to the remote app, the receiver MUST - perform an HTTP POST request to the given `uri`, passing the - shared secret in a form field named `access_token` (see - [Resource Access](#resource-access)). To prevent leaking it in - logs it MUST NOT appear in any URI. In a multi-protocol Share - that also offers WebDAV, the access requirements provided in the - `webdav` part (such as `must-exchange-token`) MUST apply to - `webapp` accesses as well. + A secret for accessing the remote web app. To give access to the + remote app, the receiver MUST first exchange this value at the + Sending Server's {tokenEndPoint} using the Code Flow, then perform + an HTTP POST request to the given `uri` with the resulting bearer + token in a form field named `access_token` (see + [Resource Access](#resource-access)). The shared secret MUST NOT + be exposed to the browser and MUST NOT appear in any URI. In a + multi-protocol Share that also offers WebDAV, the access + requirements provided in the `webdav` part (such as + `must-exchange-token`) MUST apply to `webapp` accesses as well. - OPTIONAL appName (string) A human-friendly name of the web application, to be used in user interfaces when referring to this Share. - OPTIONAL appIcon (string) A URI to an icon representing the web application, to be used in user interfaces when referring to this Share. An embedded data - URI MAY be used; alternatively, if a regular URI is used, it MUST - be absolute, including a hostname. + URI MAY be used if it identifies an image resource; alternatively, + if a regular URI is used, it MUST be absolute, including a + hostname. 
Receiving Servers MUST render the icon only in an inert + image context and MAY reject unsupported or unsafe image types. * Protocol details for `ssh` MAY contain: - OPTIONAL accessTypes (array of strings) - The type of access being granted to the remote resource. If omitted, it defaults to 
@@ -1221,20 +1227,20 @@ protocol required for access. The procedure is as follows: the receiver SHOULD discard the share as invalid. 6. For the specific case where `protocol.webapp` is available and the receiver wants to use it, the receiver MUST present the web app to - the user by opening `protocol.webapp.uri` using one of the targets - listed in `protocol.webapp.targets` (defaulting to `blank`), chosen - among those the receiver advertises in its `webapp-receive` - discovery property. If a `protocol.webapp.sharedSecret` is present, - the receiver MUST NOT place it in the URI; instead it MUST deliver - it to the web app via an HTTP POST to `protocol.webapp.uri` with the - secret carried in a form field named `access_token`. This is - typically achieved with an auto-submitting HTML form whose `target` - attribute selects the chosen presentation (e.g. an iframe name, - `_blank`, or `_top`). When the Share also requires token exchange - (see step 3.1, applied via the `webdav` part of a multi-protocol - Share), the receiver MUST first exchange the `sharedSecret` at the - Sending Server's {tokenEndPoint} and POST the resulting bearer token - as the `access_token` value. + the user by opening `protocol.webapp.uri` using a target selected + from the intersection of `protocol.webapp.targets` and the targets + advertised in the receiver's `webapp-receive` discovery property. + If this intersection is empty, the receiver MUST treat the `webapp` + option as unusable for this Share. If a + `protocol.webapp.sharedSecret` is present, the receiver MUST NOT + place it in the URI and MUST NOT expose it to the browser. Instead, + the receiver MUST first exchange it at the Sending Server's + {tokenEndPoint} using the Code Flow, then deliver the resulting + bearer token to the web app via an HTTP POST to + `protocol.webapp.uri` with the token carried in a form field named + `access_token`. 
This is typically achieved with an auto-submitting + HTML form whose `target` attribute selects the chosen presentation + (e.g. an iframe name, `_blank`, or `_top`). In all cases, in case the Shared Resource is a folder and the Receiving Server accesses a Resource within that shared folder, it SHOULD append @@ -1976,7 +1982,6 @@ that section. | - ... | | - invites | | +------------------+ | - notifications | | | | - protocol-object| | - | | - webdav-uri | | | | - ... | | | +------------------+ | | | diff --git a/schemas/ocm-discovery.json b/schemas/ocm-discovery.json index ad0cfec..9794580 100644 --- a/schemas/ocm-discovery.json +++ b/schemas/ocm-discovery.json @@ -22,7 +22,7 @@ }, "capabilities": { "type": "array", - "description": "Capability values of 'enforce-mfa', 'exchange-token', 'http-sig', 'invites', 'invite-wayf', 'notifications', 'protocol-object', and 'webdav-uri' are defined in the draft", + "description": "Capability values of 'enforce-mfa', 'exchange-token', 'http-sig', 'invites', 'invite-wayf', 'notifications', and 'protocol-object' are defined in the draft", "items": { "type": "string" } @@ -55,6 +55,7 @@ ], "$defs": { "resourceType": { + "type": "object", "properties": { "name": { "type": "string" 
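Review bot: The auto-submitting form described at the end of step 6 submits to a cross-origin `protocol.webapp.uri`; with `target="_blank"` the opened document receives a `window.opener` reference to the receiver's page unless the form also carries `rel="noopener"`, and with `_top` the user is navigated away wholesale. The step also now hands the exchanged bearer token to the browser in the POST body, so the "MUST NOT be exposed to the browser" guarantee holds only for the raw `sharedSecret`, which is worth saying explicitly. I would end the paragraph with: `The form MUST carry rel="noopener" and MUST submit over https only, as the resulting bearer token is visible to the user's browser.` The "In all cases" context that follows step 6 continues beyond this hunk.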
@@ -69,20 +70,53 @@ "protocols": { "type": "object", "minProperties": 1, - "description": "Additional protocols besides 'webdav', 'webapp' and 'datatx' may be defined.", + "description": "Additional protocols besides 'webdav', 'webapp', and 'ssh' may be defined. A property named after the protocol advertises sending support; a property suffixed with '-receive' advertises receiving support.", "properties": { "webdav": { "type": "string", "pattern": "^/" }, + "webdav-receive": { + "type": "object", + "required": ["uri"], + "properties": { + "uri": { "type": "string", "enum": ["absolute", "relative"] } + }, + "additionalProperties": false + }, "webapp": { - "type": "string", - "pattern": "^/" + "type": "object", + "additionalProperties": false }, - "datatx": { - "type": "string", - "pattern": "^/" + "webapp-receive": { + "type": "object", + "required": ["targets"], + "properties": { + "targets": { + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "string", + "enum": ["blank", "redirect", "iframe"] + } + } + }, + "additionalProperties": false + }, + "ssh": { + "type": "string" + }, + "ssh-receive": { + "type": "object", + "additionalProperties": false } + }, + "additionalProperties": { + "oneOf": [ + { "type": "string" }, + { "type": "object" } + ] } }, "publicKey": { diff --git a/spec.yaml b/spec.yaml index 54ad569..02ce9a3 100644 --- a/spec.yaml +++ b/spec.yaml @@ -411,6 +411,8 @@ components: as a prefix (see sharing examples). webdav-receive: type: object + required: + - uri description: > Implementations that support receiving WebDAV shares SHOULD advertise them here. Note though that older implementations MAY 
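Review bot: The new `ssh` property accepts any string, while the I-D describes it as `host:port` and the sibling `webdav` property already enforces `^/`, so a schema consumer cannot catch a malformed ssh endpoint. Something like `"ssh": { "type": "string", "pattern": "^[^:/\\s]+:[0-9]+$" }` would match the documented form, assuming no IPv6 literals are expected; if they are, the pattern needs to allow brackets. The `-receive` convention for custom protocols is documentation-only here, since `additionalProperties` admits any string or object, which is acceptable but worth stating in the `protocols` description.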
@@ -432,12 +434,15 @@ components: them here, with an empty object as value. webapp-receive: type: object + required: + - targets description: > Implementations that support receiving WebApp shares MUST advertise them here. properties: targets: type: array + minItems: 1 description: > The ways this endpoint is able to present a webapp share to the user when acting as receiver. @@ -448,7 +453,8 @@ components: current page. - "iframe" signals that this endpoint supports embedding the URI in an iframe within its own UI, - and that it can set CORS headers. + when the Sending Server allows framing by this + receiver. items: type: string enum: @@ -467,7 +473,9 @@ components: Implementations that support receiving SSH shares MUST advertise them here, with an empty object as value. additionalProperties: - type: object + oneOf: + - type: string + - type: object description: > Any additional protocol supported for this resource type SHOULD be advertised here, where the value MAY correspond to a top-level @@ -788,6 +796,7 @@ components: the web app by appending their relative path to the URI. targets: type: array + minItems: 1 description: > How the recipient should present the URI to the user. This array is REQUIRED and MUST NOT be empty: a webapp @@ -796,7 +805,7 @@ components: - "redirect" signals the recipient to navigate the browser to the URI, replacing the current page. - "iframe" signals the recipient to embed the URI in an iframe within - its own UI. CORS headers MUST be properly set. + its own UI, when the Sending Server allows framing by the recipient. items: type: string enum: @@ -805,6 +814,7 @@ components: - iframe permissions: type: array + minItems: 1 description: > The permissions granted to the sharee. This array is REQUIRED and MUST NOT be empty. 
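Review bot: "when the Sending Server allows framing by this receiver" names the requirement but not the mechanism, which matters because the web app's own response headers decide whether the receiver's iframe renders at all, and the text being replaced wrongly pointed at CORS. I would say: `The Sending Server allows framing by returning a Content-Security-Policy header whose frame-ancestors directive lists the receiver's origin on the web app responses; CORS headers do not affect framing.` The same wording change applies to the share-level `targets` description changed further down in this commit.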
@@ -823,13 +833,15 @@ components: sharedSecret: type: string description: > - A secret for accessing the remote web app, such as a bearer token. - To give access to the remote app, the receiver MUST perform a HTTP - POST request to the given URI, with the shared secret in a form field - named `access_token`. To prevent leaking it in logs it MUST NOT appear - in any URI. In a multi-protocol share scenario with WebDAV, the access - requirements provided in the `webdav` part MUST apply for `webapp` - accesses as well. + A secret for accessing the remote web app. To give access to the + remote app, the receiver MUST first exchange this value at the + Sending Server's `tokenEndPoint` using the Code Flow, then perform + an HTTP POST request to the given URI with the resulting bearer + token in a form field named `access_token`. The shared secret MUST + NOT be exposed to the browser and MUST NOT appear in any URI. In a + multi-protocol share scenario with WebDAV, the access requirements + provided in the `webdav` part MUST apply for `webapp` accesses as + well. appName: type: string description: > @@ -840,8 +852,11 @@ components: description: > An optional URI to an icon representing the web application, to be used in user interfaces when referring to this share. An embedded - data URI can be used. Alternatively, if a regular URI is used, - it MUST be absolute, including a hostname. + data URI MAY be used if it identifies an image resource. + Alternatively, if a regular URI is used, it MUST be absolute, + including a hostname. Receiving Servers MUST render the icon only + in an inert image context and MAY reject unsupported or unsafe + image types. ssh: type: object properties: From a907d09686eef5c857e31c4f2e544d3a80d025cd Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 8 Jun 2026 18:38:17 +0200 Subject: [PATCH 05/12] Add redirect uri to webapp form post --- IETF-RFC.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) 
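Review bot: The new `sharedSecret` text says the secret MUST NOT be exposed to the browser, yet the bearer token obtained from the exchange is, by design, delivered through the browser in an auto-submitted form, and nothing here bounds that token. The description should state the properties that make this acceptable, e.g. append `The resulting bearer token is short-lived and scoped to this share; the web app MUST NOT place it in any URI, Location header or log, and SHOULD establish its own session from it.` Whether `tokenEndPoint` actually issues short-lived, audience-bound tokens is not visible in this diff and should be confirmed against the Code Flow section.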
diff --git a/IETF-RFC.md b/IETF-RFC.md index f8a688c..b65feed 100644 --- a/IETF-RFC.md +++ b/IETF-RFC.md @@ -1238,9 +1238,11 @@ protocol required for access. The procedure is as follows: {tokenEndPoint} using the Code Flow, then deliver the resulting bearer token to the web app via an HTTP POST to `protocol.webapp.uri` with the token carried in a form field named - `access_token`. This is typically achieved with an auto-submitting - HTML form whose `target` attribute selects the chosen presentation - (e.g. an iframe name, `_blank`, or `_top`). + `access_token` along with another form field named `redirect_uri` + that represents the location where the reciving server can handle + refresh of tokens. This is typically achieved with an + auto-submitting HTML form whose `target` attribute selects the + chosen presentation (e.g. an iframe name, `_blank`, or `_top`). In all cases, in case the Shared Resource is a folder and the Receiving Server accesses a Resource within that shared folder, it SHOULD append From bb592134f5b4b2a9581688f60df7282db445ea3e Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 8 Jun 2026 20:43:50 +0200 Subject: [PATCH 06/12] Switch appIcon to mediaType --- IETF-RFC.md | 16 +++++++++------- spec.yaml | 13 +++++-------- 2 files changed, 14 insertions(+), 15 deletions(-) diff --git a/IETF-RFC.md b/IETF-RFC.md index b65feed..3ffa46d 100644 --- a/IETF-RFC.md +++ b/IETF-RFC.md 
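Review bot: The new `redirect_uri` form field is chosen by the Receiving Server and, per the added text, is where the web app will later send the user's browser, but the procedure places no constraint on it; a Sending Server that redirects to whatever it received is an open redirect, and if the redirect ever carries a token it becomes a token-leak vector. Add a validation step, e.g. `The Sending Server MUST validate redirect_uri before use: it MUST use the https scheme and its origin MUST match the Receiving Server that performed the Code Flow exchange; otherwise the POST MUST be rejected. No credential MUST be appended to it.` The surrounding numbered procedure starts before this hunk, so the placement of that sentence relative to the other steps needs checking in the full text.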
@@ -1016,13 +1016,11 @@ voluntarily. - OPTIONAL appName (string) A human-friendly name of the web application, to be used in user interfaces when referring to this Share. - - OPTIONAL appIcon (string) - A URI to an icon representing the web application, to be used in - user interfaces when referring to this Share. An embedded data - URI MAY be used if it identifies an image resource; alternatively, - if a regular URI is used, it MUST be absolute, including a - hostname. Receiving Servers MUST render the icon only in an inert - image context and MAY reject unsupported or unsafe image types. + - OPTIONAL mediaType (string) + A string that describes the main media type (MIME type) of the + share. This can be media types with vendor tree subtypes, such as + `application/vnd.jupyter` for Jupyter Notebooks, or any entries from + the IANA Media Type registry. [RFC6838] * Protocol details for `ssh` MAY contain: - OPTIONAL accessTypes (array of strings) - The type of access being granted to the remote resource. If omitted, it defaults to @@ -1565,6 +1563,10 @@ June 2007. [RFC6749] Hardt, D. (ed), "[The OAuth 2.0 Authorization Framework]( https://datatracker.ietf.org/html/rfc6749)", October 2012. +[RFC6828] Freed, N., Klensin, J., Hansen, T. "[Media Type +Specifications and Registration Procedures +](https://datatracker.ietf.org/html/rfc6828)", January 2013. + [RFC7515] Jones, M., Bradley, J., Sakimura, N., "[JSON Web Signature (JWS)](https://datatracker.ietf.org/doc/html/rfc7515)", May 2015. diff --git a/spec.yaml b/spec.yaml index 02ce9a3..d30e287 100644 --- a/spec.yaml +++ b/spec.yaml 
@@ -847,16 +847,13 @@ components: description: > An optional human-friendly name of the web application to be used in user interfaces when referring to this share. - appIcon: + mediaType: type: string description: > - An optional URI to an icon representing the web application, to be - used in user interfaces when referring to this share. An embedded - data URI MAY be used if it identifies an image resource. - Alternatively, if a regular URI is used, it MUST be absolute, - including a hostname. Receiving Servers MUST render the icon only - in an inert image context and MAY reject unsupported or unsafe - image types. + An optional string that describes the main media (MIME) type of the + share. For example a folder with a Jupyter Notebook should be given + the mediaType `application/vnd.jupyter` to allow the receiving + server to choose an appropriate icon to display for the share. ssh: type: object properties: From e01c8431f43964001c95ee9587adaf897f22e39d Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 9 Jun 2026 11:54:41 +0200 Subject: [PATCH 07/12] Remove redirect from targets --- IETF-RFC.md | 6 +----- spec.yaml | 6 ++---- 2 files changed, 3 insertions(+), 9 deletions(-) diff --git a/IETF-RFC.md b/IETF-RFC.md index 3ffa46d..2d9a5c2 100644 --- a/IETF-RFC.md +++ b/IETF-RFC.md @@ -723,9 +723,7 @@ contain the following information about its OCM API: array listing the ways this endpoint is able to present a WebApp share to the user. A subset of: - `blank` - the endpoint can open the URI in a new window or - tab. - - `redirect` - the endpoint can navigate the browser to the - URI, replacing the current page. + tab, or do a full page redirect. - `iframe` - the endpoint can embed the URI in an iframe within its own UI, when the Sending Server allows framing by this receiver. 
@@ -987,8 +985,6 @@ voluntarily. empty. A subset of: - `blank` signals the recipient to open the URI in a new window or tab. - - `redirect` signals the recipient to navigate the browser to - the URI, replacing the current page. - `iframe` signals the recipient to embed the URI in an iframe within its own UI, when the Sending Server allows framing by this receiver. diff --git a/spec.yaml b/spec.yaml index d30e287..a0ddcc4 100644 --- a/spec.yaml +++ b/spec.yaml @@ -447,10 +447,8 @@ components: The ways this endpoint is able to present a webapp share to the user when acting as receiver. - "blank" signals that this endpoint supports opening - the URI in a new window or tab. - - "redirect" signals that this endpoint supports - navigating the browser to the URI, replacing the - current page. + the URI in a new window or tab, or doing a full page + redirect to the URI. - "iframe" signals that this endpoint supports embedding the URI in an iframe within its own UI, when the Sending Server allows framing by this From c1a84f975d4ffd372599123b8cb76e558b590638 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 9 Jun 2026 17:54:03 +0200 Subject: [PATCH 08/12] Change mediaType to appIconHint and add mediaTypes, also rename redirect_uri to expired_session_redirect_uri --- IETF-RFC.md | 35 ++++++++++++++++++++++++----------- spec.yaml | 23 ++++++++++++----------- 2 files changed, 36 insertions(+), 22 deletions(-) diff --git a/IETF-RFC.md b/IETF-RFC.md index 2d9a5c2..206e0b1 100644 --- a/IETF-RFC.md +++ b/IETF-RFC.md 
@@ -998,6 +998,15 @@ voluntarily. - `write` allows full editing rights via the web app. - `share` allows re-share rights on the Resource. This only applies to web apps that provide a mechanism for re-sharing. + - REQUIRED requirements (array of strings) - + The requirements that the sharee MUST fulfill to + access the Resource. The requirements MUST at least include + `must-exchange-token`. If multiple protocols are present in the + share payload, the requirements for the different protocols MUST + agree. For example, if a webapp share is sent in the same payload + as a webdav share, both protocols MUST carry the same + requirements, and both requirement arrays MUST include + `must-exchange-token`. - OPTIONAL sharedSecret (string) A secret for accessing the remote web app. To give access to the remote app, the receiver MUST first exchange this value at the @@ -1012,11 +1021,14 @@ voluntarily. - OPTIONAL appName (string) A human-friendly name of the web application, to be used in user interfaces when referring to this Share. - - OPTIONAL mediaType (string) - A string that describes the main media type (MIME type) of the - share. This can be media types with vendor tree subtypes, such as - `application/vnd.jupyter` for Jupyter Notebooks, or any entries from - the IANA Media Type registry. [RFC6838] + - OPTIONAL appIconHint (string) + A string in the form of a media type (MIME type) that describes the + share as a whole, primarily intended as a way for the receiving + server to select an appropriate icon for the share. [RFC6838] + - OPTIONAL mediaTypes (array of strings) + An array of media types (MIME types) the webapp server can handle. + This can be any media type entries from the IANA Media Type + registry. [RFC6838] * Protocol details for `ssh` MAY contain: - OPTIONAL accessTypes (array of strings) - The type of access being granted to the remote resource. If omitted, it defaults to 
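Review bot: The new `requirements` text says the arrays for `webdav` and `webapp` MUST agree but specifies no behaviour when they do not, so a lenient receiver could apply the weaker set (e.g. honour a `webapp` entry lacking `must-use-mfa` while the `webdav` entry carries it). State the failure mode explicitly: `If the requirement arrays of the protocols in a Share disagree, the Receiving Server MUST reject the Share.` If outright rejection is too strict for existing deployments, the alternative is to say the union of all listed requirements applies, but one of the two should be normative.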
@@ -1232,17 +1244,18 @@ protocol required for access. The procedure is as follows: {tokenEndPoint} using the Code Flow, then deliver the resulting bearer token to the web app via an HTTP POST to `protocol.webapp.uri` with the token carried in a form field named - `access_token` along with another form field named `redirect_uri` - that represents the location where the reciving server can handle - refresh of tokens. This is typically achieved with an - auto-submitting HTML form whose `target` attribute selects the - chosen presentation (e.g. an iframe name, `_blank`, or `_top`). + `access_token` along with another form field named + `expired_session_redirect_uri` that represents the location where + the reciving server can handle refresh of tokens. This is typically + achieved with an auto-submitting HTML form whose `target` attribute + selects the chosen presentation (e.g. an iframe name, `_blank`, or + `_top`). In all cases, in case the Shared Resource is a folder and the Receiving Server accesses a Resource within that shared folder, it SHOULD append its relative path to that URL. In other words, the Sending Server SHOULD support requests to URLs such as -`https:///path/to/resource.txt`. +`https:///path/to/resource.txt`. # Code Flow diff --git a/spec.yaml b/spec.yaml index a0ddcc4..a8c64a5 100644 --- a/spec.yaml +++ b/spec.yaml @@ -457,7 +457,6 @@ components: type: string enum: - blank - - redirect - iframe ssh: type: string 
@@ -799,16 +798,14 @@ components: How the recipient should present the URI to the user. This array is REQUIRED and MUST NOT be empty: a webapp share without a target is invalid. - - "blank" signals the recipient to open the URI in a new window or tab. - - "redirect" signals the recipient to navigate the browser to the URI, - replacing the current page. + - "blank" signals the recipient to open the URI in a new window or + tab, or do a full page redirect. - "iframe" signals the recipient to embed the URI in an iframe within its own UI, when the Sending Server allows framing by the recipient. items: type: string enum: - blank - - redirect - iframe permissions: type: array @@ -840,18 +837,22 @@ components: multi-protocol share scenario with WebDAV, the access requirements provided in the `webdav` part MUST apply for `webapp` accesses as well. + appIconHint: + type: string + description: > + An optional string in the form of a media type (MIME type) that + describes the share as a whole, primarily intended as a way for + the receiving server to select an appropriate icon for the share. appName: type: string description: > An optional human-friendly name of the web application to be used in user interfaces when referring to this share. - mediaType: - type: string + mediaTypes: + type: array description: > - An optional string that describes the main media (MIME) type of the - share. For example a folder with a Jupyter Notebook should be given - the mediaType `application/vnd.jupyter` to allow the receiving - server to choose an appropriate icon to display for the share. + An optional array that describes the media (MIME) types that the + webapp server can handle. ssh: type: object properties: From a60dccf1360d86deede310c74f1e7480d642637c Mon Sep 17 00:00:00 2001 
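Review bot: `mediaTypes` is declared `type: array` with no `items` schema, so validators will accept arrays of numbers or objects, and `appIconHint` is a free-form string although its description says it is a media type; both values presumably drive receiving-side UI choices (icon selection, app matching), so they should be constrained at the schema level. Add `items:` / `type: string` under `mediaTypes`, and give both a media-type-shaped `pattern: '^[A-Za-z0-9][A-Za-z0-9!#$&^_.+-]{0,126}/[A-Za-z0-9][A-Za-z0-9!#$&^_.+-]{0,126}$'` (the RFC 6838 type-name/subtype-name grammar, parameters excluded). The RFC 6838 reference used in the IETF text is not repeated in these spec.yaml descriptions and would help implementers.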
From: Micke Nordin Date: Tue, 9 Jun 2026 19:26:56 +0200 Subject: [PATCH 09/12] Fix typos and inconsitencies --- IETF-RFC.md | 8 ++++---- schemas/ocm-discovery.json | 2 +- spec.yaml | 33 +++++++++++++++++++++++++++++++-- 3 files changed, 36 insertions(+), 7 deletions(-) diff --git a/IETF-RFC.md b/IETF-RFC.md index 206e0b1..66ae504 100644 --- a/IETF-RFC.md +++ b/IETF-RFC.md @@ -1246,7 +1246,7 @@ protocol required for access. The procedure is as follows: `protocol.webapp.uri` with the token carried in a form field named `access_token` along with another form field named `expired_session_redirect_uri` that represents the location where - the reciving server can handle refresh of tokens. This is typically + the receiving server can handle refresh of tokens. This is typically achieved with an auto-submitting HTML form whose `target` attribute selects the chosen presentation (e.g. an iframe name, `_blank`, or `_top`). @@ -1255,7 +1255,7 @@ In all cases, in case the Shared Resource is a folder and the Receiving Server accesses a Resource within that shared folder, it SHOULD append its relative path to that URL. In other words, the Sending Server SHOULD support requests to URLs such as -`https:///path/to/resource.txt`. +`https:///path/to/resource.txt`. # Code Flow @@ -1572,9 +1572,9 @@ June 2007. [RFC6749] Hardt, D. (ed), "[The OAuth 2.0 Authorization Framework]( https://datatracker.ietf.org/html/rfc6749)", October 2012. -[RFC6828] Freed, N., Klensin, J., Hansen, T. "[Media Type +[RFC6838] Freed, N., Klensin, J., Hansen, T. "[Media Type Specifications and Registration Procedures -](https://datatracker.ietf.org/html/rfc6828)", January 2013. +](https://datatracker.ietf.org/html/rfc6838)", January 2013. [RFC7515] Jones, M., Bradley, J., Sakimura, N., "[JSON Web Signature (JWS)](https://datatracker.ietf.org/doc/html/rfc7515)", May 2015. diff --git a/schemas/ocm-discovery.json b/schemas/ocm-discovery.json index 9794580..5662e2c 100644 --- a/schemas/ocm-discovery.json 
+++ b/schemas/ocm-discovery.json @@ -98,7 +98,7 @@ "uniqueItems": true, "items": { "type": "string", - "enum": ["blank", "redirect", "iframe"] + "enum": ["blank", "iframe"] } } }, diff --git a/spec.yaml b/spec.yaml index a8c64a5..b892b4f 100644 --- a/spec.yaml +++ b/spec.yaml @@ -781,6 +781,7 @@ components: - uri - targets - permissions + - requirements properties: uri: type: string @@ -825,6 +826,27 @@ components: - read - write - share + requirements: + type: array + minItems: 1 + description: > + The requirements that the sharee MUST fulfill to access the + resource. This array is REQUIRED and MUST at least include + `must-exchange-token`. If multiple protocols are present in + the share payload, the requirements for the different + protocols MUST agree. + - `must-use-mfa` requires the user accessing the resource to be + MFA-authenticated. This requirement MAY be used if the + recipient provider exposes the `enforce-mfa` capability. + - `must-exchange-token` requires the recipient to exchange the given + `sharedSecret` via a signed HTTPS request to tokenEndPoint at the + Sending Server, in order to get a short-lived token to be used + for subsequent access [RFC6749]. + items: + type: string + enum: + - must-use-mfa + - must-exchange-token sharedSecret: type: string description: 
> @@ -832,7 +854,10 @@ components: remote app, the receiver MUST first exchange this value at the Sending Server's `tokenEndPoint` using the Code Flow, then perform an HTTP POST request to the given URI with the resulting bearer - token in a form field named `access_token`. The shared secret MUST + token in a form field named `access_token`, along with another form + field named `expired_session_redirect_uri` that represents the + location where the receiving server can handle refresh of tokens. + The shared secret MUST NOT be exposed to the browser and MUST NOT appear in any URI. In a multi-protocol share scenario with WebDAV, the access requirements provided in the `webdav` part MUST apply for `webapp` accesses as @@ -908,6 +933,7 @@ components: - read requirements: - must-use-mfa + - must-exchange-token webapp: uri: https://apps.example.org/codimd/7c084226-d9a1-11e6-bf26-cec0c932ce01 sharedSecret: hfiuhworzwnur98d3wjiwhr @@ -915,8 +941,11 @@ components: - blank permissions: - read + requirements: + - must-use-mfa + - must-exchange-token appName: CodiMD - appIcon: https://apps.example.org/assets/codimd-icon.png + appIconHint: text/markdown ssh: accessTypes: ['datatx'] uri: extuser@cloud.example.org:/7c084226-d9a1-11e6-bf26-cec0c932ce01 From 02ade4c3e23aa9362dc8745aa77276c003dfb4bc Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 10 Jun 2026 08:31:35 +0200 Subject: [PATCH 10/12] Make sharedSecret required --- IETF-RFC.md | 8 ++++---- spec.yaml | 2 ++ 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/IETF-RFC.md b/IETF-RFC.md index 66ae504..8f81467 100644 --- a/IETF-RFC.md +++ b/IETF-RFC.md 
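Review bot: The added `expired_session_redirect_uri` sentence says the receiving server "can handle refresh of tokens" there, but the same description says the bearer token comes from exchanging `sharedSecret` via the Code Flow, and under RFC 6749 code semantics that exchange is single-use; it is unclear whether a refresh means re-exchanging the same `sharedSecret` (which would make it a long-lived reusable credential rather than a code) or using a refresh token returned by `tokenEndPoint`. The description should say which, e.g. `On expiry, the receiving server obtains a new bearer token by <re-exchanging sharedSecret | using the refresh token from tokenEndPoint> and re-submits the form.` I cannot see the Code Flow section in this diff, so the refresh-token reading is an inference to confirm.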
@@ -1007,7 +1007,7 @@ voluntarily. as a webdav share, both protocols MUST carry the same requirements, and both requirement arrays MUST include `must-exchange-token`. - - OPTIONAL sharedSecret (string) + - REQUIRED sharedSecret (string) A secret for accessing the remote web app. To give access to the remote app, the receiver MUST first exchange this value at the Sending Server's {tokenEndPoint} using the Code Flow, then perform @@ -1237,9 +1237,9 @@ protocol required for access. The procedure is as follows: from the intersection of `protocol.webapp.targets` and the targets advertised in the receiver's `webapp-receive` discovery property. If this intersection is empty, the receiver MUST treat the `webapp` - option as unusable for this Share. If a - `protocol.webapp.sharedSecret` is present, the receiver MUST NOT - place it in the URI and MUST NOT expose it to the browser. Instead, + option as unusable for this Share. The receiver MUST NOT place the + `protocol.webapp.sharedSecret` in the URI and MUST NOT expose it to + the browser. Instead, the receiver MUST first exchange it at the Sending Server's {tokenEndPoint} using the Code Flow, then deliver the resulting bearer token to the web app via an HTTP POST to diff --git a/spec.yaml b/spec.yaml index b892b4f..85213e6 100644 --- a/spec.yaml +++ b/spec.yaml @@ -702,6 +702,7 @@ components: type: object required: - uri + - sharedSecret - permissions properties: accessTypes: @@ -779,6 +780,7 @@ components: type: object required: - uri + - sharedSecret - targets - permissions - requirements From fe88b5eaef93e79ef9f50d0899ea8e6f487b2110 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 10 Jun 2026 10:10:56 +0300 Subject: [PATCH 11/12] Address review feedback Co-authored-by: Giuseppe Lo Presti Signed-off-by: Micke Nordin --- IETF-RFC.md | 5 +---- spec.yaml | 1 + 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/IETF-RFC.md b/IETF-RFC.md index 8f81467..e3e1444 100644 --- a/IETF-RFC.md +++ b/IETF-RFC.md 
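Review bot: `sharedSecret` becomes mandatory for `webapp` (and for the other protocol object at spec.yaml line 702) but stays an unconstrained `type: string`, so an empty or trivially short value still validates even though it is the input to the Code Flow exchange. Add `minLength: 1` at least, and consider stating in the description that the value is opaque, generated with a CSPRNG, and single-use once exchanged (assuming the Code Flow follows RFC 6749 code semantics — confirm against that section). The change also breaks Sending Servers that relied on the field being optional, which is worth calling out explicitly as a breaking change.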
@@ -1014,10 +1014,7 @@ voluntarily. an HTTP POST request to the given `uri` with the resulting bearer token in a form field named `access_token` (see [Resource Access](#resource-access)). The shared secret MUST NOT - be exposed to the browser and MUST NOT appear in any URI. In a - multi-protocol Share that also offers WebDAV, the access - requirements provided in the `webdav` part (such as - `must-exchange-token`) MUST apply to `webapp` accesses as well. + be exposed to the browser and MUST NOT appear in any URI. - OPTIONAL appName (string) A human-friendly name of the web application, to be used in user interfaces when referring to this Share. diff --git a/spec.yaml b/spec.yaml index 85213e6..9f86f96 100644 --- a/spec.yaml +++ b/spec.yaml @@ -935,6 +935,7 @@ components: - read requirements: - must-use-mfa + - must-exchange-tokem - must-exchange-token webapp: uri: https://apps.example.org/codimd/7c084226-d9a1-11e6-bf26-cec0c932ce01 From 337a5c05a6ff1a89a4e5029522a7dac0e635de64 Mon Sep 17 00:00:00 2001 From: Giuseppe Lo Presti Date: Wed, 10 Jun 2026 17:22:02 +0200 Subject: [PATCH 12/12] Further fixes --- spec.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/spec.yaml b/spec.yaml index 9f86f96..4caa07b 100644 --- a/spec.yaml +++ b/spec.yaml @@ -935,10 +935,9 @@ components: - read requirements: - must-use-mfa - - must-exchange-tokem - must-exchange-token webapp: - uri: https://apps.example.org/codimd/7c084226-d9a1-11e6-bf26-cec0c932ce01 + uri: https://apps.example.org/hedgedoc/7c084226-d9a1-11e6-bf26-cec0c932ce01 sharedSecret: hfiuhworzwnur98d3wjiwhr targets: - blank @@ -947,7 +946,7 @@ components: requirements: - must-use-mfa - must-exchange-token - appName: CodiMD + appName: HedgeDoc appIconHint: text/markdown ssh: accessTypes: ['datatx']
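Review bot: spec.yaml's `sharedSecret` description still carries the multi-protocol sentence that this hunk deletes from the RFC text ("In a multi-protocol share scenario with WebDAV, the access requirements provided in the `webdav` part MUST apply for `webapp` accesses as well", visible as context in PATCH 09), so the two normative documents now disagree on how cross-protocol requirements are reconciled. Since the `requirements` array already carries a "MUST agree" rule, the cleanest fix is to drop the sentence from spec.yaml in the same change and point at that rule instead, e.g. `Access requirements are carried in the requirements array, which MUST agree across all protocols in the share.`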