[Openid-specs-fapi] Reviewing the Grant Management Draft - https://bitbucket.org/openid/fapi/src/master/Financial_API_Grant_Management.md

Francis Pouatcha fpo at adorsys.de
Tue Feb 2 19:04:04 UTC 2021


I finally found the time to go through the grant management draft. Find my feedback below:


Error Responses

"If the request lacks a valid access token, the authorization server responds with HTTP status code 401." => I would replace this with the sentence "If the request lacks a valid authorization, the authorization server responds with HTTP status code 401."

  *   as many clients will not use access token to authorize the request with the AS
  *   In grant scenarios, we will expect the token to carry an authorization issued for the Resource Owner (and not for the client).

Following this same rationale, I would prefer that we remove the line "Authorization: Bearer 2YotnFZFEjr1zCsicMWpAA" from all sample requests.

Everything else looks good and complete for me.

Best regards.
/Francis
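
The distinction the message draws, between a request that carries no valid authorization at all (401) and one that is authorized but not for this resource owner's grant, is easy to get wrong in an implementation. The following is an added illustration, not code from the draft or from adorsys: a minimal authorization check for a grant query request. The token store, grant store, the `grant_management_query` scope check and the 403 responses are assumptions made for the example; only the "no valid authorization gives 401" rule comes from the text quoted above. The bearer token value is the one used in the draft's samples.

```python
"""Minimal authorization check for a Grant Management query request.

Added illustration, not code from the draft or from adorsys; the token
store, grant store and the 403 cases are constructed assumptions.
"""
from dataclasses import dataclass

NOW = 1_700_000_000  # fixed clock so the example is deterministic


@dataclass(frozen=True)
class AccessToken:
    subject: str        # resource owner the token was issued for
    client_id: str
    scopes: frozenset
    expires_at: int


@dataclass(frozen=True)
class Grant:
    grant_id: str
    subject: str        # resource owner who consented to this grant
    client_id: str
    scopes: frozenset


# Constructed sample state (assumption: opaque bearer tokens resolved server-side).
TOKENS = {
    "2YotnFZFEjr1zCsicMWpAA": AccessToken(
        "alice", "client-a", frozenset({"grant_management_query"}), NOW + 3600),
    "noscope": AccessToken(
        "alice", "client-a", frozenset({"openid"}), NOW + 3600),
    "expired": AccessToken(
        "alice", "client-a", frozenset({"grant_management_query"}), NOW - 1),
}
GRANTS = {
    "grant-alice": Grant("grant-alice", "alice", "client-a", frozenset({"openid", "accounts"})),
    "grant-bob": Grant("grant-bob", "bob", "client-a", frozenset({"openid", "payments"})),
}


def _bearer_token(headers):
    """Return the credential from a 'Bearer' Authorization header, else None."""
    auth = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    if auth is None:
        return None
    scheme, _, credentials = auth.strip().partition(" ")
    if scheme.lower() != "bearer" or not credentials.strip():
        return None
    return credentials.strip()


def authorize_grant_query(headers, grant_id, now=NOW):
    """Return (status, body) for a query of /grants/{grant_id}."""
    token_value = _bearer_token(headers)
    if token_value is None:
        # No usable authorization at all: 401 with a challenge and no detail.
        return 401, {"WWW-Authenticate": 'Bearer realm="grants"'}
    token = TOKENS.get(token_value)
    if token is None or token.expires_at <= now:
        # Unknown or expired credential is still "lacks a valid authorization".
        return 401, {"WWW-Authenticate": 'Bearer error="invalid_token"'}
    if "grant_management_query" not in token.scopes:
        # Authenticated, but the token was not issued for grant management.
        return 403, {"error": "insufficient_scope"}
    grant = GRANTS.get(grant_id)
    if grant is None or grant.subject != token.subject or grant.client_id != token.client_id:
        # Token must carry an authorization issued for this resource owner and
        # client; unknown and not-owned get the same answer so grant ids cannot
        # be enumerated through the status code.
        return 403, {"error": "access_denied"}
    return 200, {"grant_id": grant.grant_id, "scopes": sorted(grant.scopes)}
```

The header lookup is case-insensitive and only the `Bearer` scheme is recognised here; if the draft is reworded to "valid authorization" as proposed, `_bearer_token` is the one place that would need to grow additional schemes.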
