[Openid-specs-fapi] Issue #241: FAPI-CIBA: Should this profile apply to Read-Only? (openid/fapi)

Takahiko Kawasaki issues-reply at bitbucket.org
Wed Jun 26 18:33:27 UTC 2019

New issue 241: FAPI-CIBA: Should this profile apply to Read-Only?

Takahiko Kawasaki:

The FAPI-CIBA profile says _“As it is anticipated that this specification will primarily be used for write operations there is no separate read-only profile.”_

It is ambiguous whether the profile should apply or not when an authorization server judges a backchannel authentication request as a request to get an access token for FAPI **Read-Only** APIs.

It should be explicitly mentioned in the profile, either _“this profile applies to Read-and-Write APIs only”_ or _“this profile applies to both Read-Only APIs and Read-and-Write APIs”_.

More information about the Openid-specs-fapi mailing list