[Openid-specs-fapi] Grant Management Draft

Filip Skokan panva.ip at gmail.com
Wed Mar 11 13:01:53 UTC 2020


Hello Torsten,

Thank you for putting this together, here's my feedback:

I think a standalone resource (string or array of strings) (when used
standalone in auth request) should also result in being one of the members
of the grant query call, that's for the resulting specification to be
general purpose - to return everything grant related.

I think the recommendation for grant_id value is a bit awkward - talking
about resulting octet length, I'd say it should recommend a secure PRNG
generated byte/bitsize that is then encoded using e.g. hex or base64url.

Did you consider returning a grant_uri instead of grant_id? That way the AS
is free to choose any URL scheme for its endpoint, as well as not needing a
new endpoint in discovery altogether.

Best,
*Filip*
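
An added example, not part of the original message or of the draft: the grant_id point above, worked through by sizing the identifier in CSPRNG bytes and then encoding it. The function names and the 16-byte (128-bit) minimum are assumptions of this example.

```python
import base64
import math
import secrets

MIN_ENTROPY_BYTES = 16  # assumption of this example: 128 bits from the CSPRNG


def new_grant_id(entropy_bytes: int = MIN_ENTROPY_BYTES, encoding: str = "base64url") -> str:
    """Draw entropy_bytes from the OS CSPRNG, then encode them as text."""
    if entropy_bytes < MIN_ENTROPY_BYTES:
        raise ValueError("grant_id needs at least %d random bytes" % MIN_ENTROPY_BYTES)
    raw = secrets.token_bytes(entropy_bytes)
    if encoding == "hex":
        return raw.hex()
    if encoding == "base64url":
        # Unpadded base64url, safe in URLs and form parameters.
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")
    raise ValueError("unknown encoding: %r" % encoding)


def encoded_length(entropy_bytes: int, encoding: str) -> int:
    """Octet length of the encoded identifier for a given random byte count."""
    if encoding == "hex":
        return 2 * entropy_bytes                 # 4 bits per character
    if encoding == "base64url":
        return math.ceil(entropy_bytes * 8 / 6)  # 6 bits per character, no padding
    raise ValueError("unknown encoding: %r" % encoding)


def entropy_bits(octet_length: int, encoding: str) -> int:
    """Most random bits an identifier of octet_length can carry."""
    if encoding == "hex":
        return 4 * octet_length
    if encoding == "base64url":
        return (octet_length * 6 // 8) * 8       # whole decoded bytes only
    raise ValueError("unknown encoding: %r" % encoding)


if __name__ == "__main__":
    for enc in ("hex", "base64url"):
        gid = new_grant_id(16, enc)
        print(enc, len(gid), gid)
    # The same 32-octet string length means different strengths per encoding.
    print(entropy_bits(32, "hex"), entropy_bits(32, "base64url"))
```

Stating the size in random bytes keeps the strength fixed whichever encoding is used, while a fixed octet length does not.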


On Wed, 11 Mar 2020 at 13:01, Torsten Lodderstedt via Openid-specs-fapi <
openid-specs-fapi at lists.openid.net> wrote:

> Hi all,
>
> I just merged the first revision of the new Grant Management Extension for
> OAuth into the master.
>
> Please take a look at
> https://bitbucket.org/openid/fapi/src/master/Financial_API_Grant_Management.md
> and give feedback.
>
> For your convenience, I attached the HTML version to this e-mail.
>
> best regards,
> Torsten.