[Openid-specs-fapi] Issue #346: RAR requirement may be unnecessary? (openid/fapi)

josephheenan issues-reply at bitbucket.org
Thu Nov 19 17:35:00 UTC 2020

New issue 346: RAR requirement may be unnecessary?

Joseph Heenan:

FAPI 2 Baseline says the AS:

1. shall support rich authorization requests according to \[@I-D.ietf-oauth-rar\]

I’m not sure I understand the reasoning here. It seems unnecessary for servers to support RAR if scopes or OIDC claims are sufficient for their use cases? \(I can understanding the reasons for point people towards RAR if scopes/etc aren’t sufficient for their use case.\)


More information about the Openid-specs-fapi mailing list