[Openid-specs-fapi] Reviewing the Grant Management Draft - https://bitbucket.org/openid/fapi/src/master/Financial_API_Grant_Management.md
fpo at adorsys.de
Tue Feb 2 19:04:04 UTC 2021
I finally found the time to go through the grant management draft. Find my feedback below:
"If the request lacks a valid access token, the authorization server responds with HTTP status code 401." => I would replace this with the sentence "If the request lacks a valid authorization, the authorization server responds with HTTP status code 401."
* as many clients will not use access tokens to authorize the request with the AS
* In grant scenarios, we will expect the token to carry an authorization issued for the Resource Owner (and not for the client).
Following this same rationale, I would prefer that we remove the line "Authorization: Bearer 2YotnFZFEjr1zCsicMWpAA" from all sample requests.
Everything else looks good and complete to me.
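The two points above, as an added illustration that is not part of the original message or of the FAPI draft: a hypothetical grant-management endpoint check that answers 401 when the request carries no valid authorization of any kind (not only when a bearer access token is absent), and that, when a bearer token is presented, requires it to have been issued for the grant's resource owner. The function name, the `Grant` type, the `client_authenticated` flag, the token registry and the sample requests are all constructed for this example.

```python
"""Added example, not code from the original post or the FAPI draft.

Models a grant-management endpoint's authorization decision:
  * 401 when the request has no valid authorization at all (a bearer
    token is one option, but a client may authenticate by other means);
  * 403 when a bearer token is valid but was issued for a different
    resource owner than the one the grant belongs to.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed token registry: opaque token -> (resource owner, active flag).
# A real authorization server would validate or introspect the token instead.
TOKENS = {
    "tok-alice-1": ("alice", True),
    "tok-bob-1": ("bob", True),
    "tok-expired": ("alice", False),
}


@dataclass
class Grant:
    grant_id: str
    resource_owner: str


def _bearer_token(headers: dict) -> Optional[str]:
    """Extract the token from an 'Authorization: Bearer <token>' header, if any."""
    auth = headers.get("Authorization", "")
    scheme, _, value = auth.partition(" ")
    if scheme.lower() == "bearer" and value:
        return value
    return None


def authorize_grant_request(headers: dict, grant: Grant,
                            client_authenticated: bool = False) -> int:
    """Return the HTTP status the grant endpoint should respond with.

    `client_authenticated` (assumption for this example) models a client that
    proved its identity without a bearer token, e.g. through a transport-level
    mechanism; how that proof is established is outside this example, as is
    any further binding of such a client to the grant.
    """
    token = _bearer_token(headers)
    if token is None and not client_authenticated:
        return 401  # no valid authorization of any kind
    if token is not None:
        owner, active = TOKENS.get(token, (None, False))
        if not active:
            return 401  # unknown or inactive token is not a valid authorization
        if owner != grant.resource_owner:
            return 403  # valid token, but not issued for this grant's resource owner
    return 200


if __name__ == "__main__":
    grant = Grant("g-1", "alice")
    print(authorize_grant_request({}, grant))                                   # 401
    print(authorize_grant_request({"Authorization": "Bearer tok-alice-1"}, grant))  # 200
    print(authorize_grant_request({"Authorization": "Bearer tok-bob-1"}, grant))    # 403
```

The distinction between 401 (no valid authorization) and 403 (authorized, but not for this resource owner) is what keeps the wording change above from being purely cosmetic: the status code is chosen from the authorization actually presented, whatever form it takes.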