[Openid-specs-fapi] Issue #241: FAPI-CIBA: Should this profile apply to Read-Only? (openid/fapi)
issues-reply at bitbucket.org
Wed Jun 26 18:33:27 UTC 2019
New issue 241: FAPI-CIBA: Should this profile apply to Read-Only?
The FAPI-CIBA profile says _“As it is anticipated that this specification will primarily be used for write operations there is no separate read-only profile.”_
It is ambiguous whether the profile should apply or not when an authorization server judges a backchannel authentication request as a request to get an access token for FAPI **Read-Only** APIs.
It should be explicitly mentioned in the profile, either _“this profile applies to Read-and-Write APIs only”_ or _“this profile applies to both Read-Only APIs and Read-and-Write APIs”_.
More information about the Openid-specs-fapi