[Openid-specs-fapi] Issue #417: Shall require introspection of claims (openid/fapi)

Travis Spencer issues-reply at bitbucket.org
Fri May 28 08:28:21 UTC 2021


New issue 417: Shall require introspection of claims
https://bitbucket.org/openid/fapi/issues/417/shall-require-introspection-of-claims

Travis Spencer:

FAPI 2 baseline says:

> shall provide a means for resource servers to verify the validity, integrity, sender-constraining, scope (incl. authorization_details), expiration and revocation status of an access token, either by providing an introspection endpoint [RFC7662], by exposing signature verification keys, or by deployment-specific means

https://openid.net/specs/fapi-2_0-baseline-00.html#section-2.2.1-2.17.1

This should be updated to say:

> shall provide a means for resource servers to verify the validity, integrity, sender-constraining, scope (incl. authorization_details **and claims**), expiration and revocation status of an access token, either by providing an introspection endpoint [RFC7662], by exposing signature verification keys, or by deployment-specific means

As an OpenID Connect profile, section 5 of core needs to be handled as well.
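
A resource-server-side check of an RFC 7662 introspection response covering the properties listed in the quoted requirement, as an added example that is not part of the original post or of the FAPI specification. It assumes mutual-TLS sender-constraining (`cnf` with `x5t#S256`, RFC 8705) and that released claims appear as top-level members of the response; the function names, parameters and sample values are constructed for illustration.

```python
import base64
import hashlib
import time


def cert_thumbprint(der_cert: bytes) -> str:
    """x5t#S256 per RFC 8705: base64url(SHA-256(DER certificate)), unpadded."""
    digest = hashlib.sha256(der_cert).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def check_introspection(resp, *, need_scope, need_detail_type, need_claims,
                        client_cert_der, now=None):
    """Return the reasons to reject the token; an empty list means accept.

    Integrity is not checked here: it comes from calling the introspection
    endpoint over an authenticated TLS channel.
    """
    now = time.time() if now is None else now
    # RFC 7662: active=false covers revoked, expired and unknown tokens.
    if resp.get("active") is not True:
        return ["inactive"]
    problems = []
    exp = resp.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("expired")
    if need_scope not in str(resp.get("scope", "")).split():
        problems.append("scope")
    details = resp.get("authorization_details") or []
    if not any(isinstance(d, dict) and d.get("type") == need_detail_type
               for d in details):
        problems.append("authorization_details")
    # Sender-constraining: token must be bound to the presented client cert.
    if (resp.get("cnf") or {}).get("x5t#S256") != cert_thumbprint(client_cert_der):
        problems.append("sender-constraint")
    # Assumption: claims are returned as top-level response members.
    missing = [c for c in need_claims if c not in resp]
    if missing:
        problems.append("claims:" + ",".join(missing))
    return problems


# Constructed sample data, not taken from any real deployment.
CERT = b"constructed-der-certificate-bytes"
SAMPLE = {
    "active": True, "exp": 2000, "scope": "openid payments",
    "authorization_details": [{"type": "payment_initiation"}],
    "cnf": {"x5t#S256": cert_thumbprint(CERT)},
    "sub": "user-123",
}
```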

