[Openid-specs-fapi] Reviewing the Grant Management Draft - https://bitbucket.org/openid/fapi/src/master/Financial_API_Grant_Management.md
Francis Pouatcha
fpo at adorsys.de
Tue Feb 2 19:04:04 UTC 2021
I finally found the time to go through the grant management draft. Find my feedback below:
Error Responses
"If the request lacks a valid access token, the authorization server responds with HTTP status code 401." => I would replace this with the sentence "If the request lacks a valid authorization, the authorization server responds with HTTP status code 401."
* as many clients will not use an access token to authorize the request with the AS
* In grant scenarios, we will expect the token to carry an authorization issued for the Resource Owner (and not for the client).
Following this same rationale, I would prefer we remove the line "Authorization: Bearer 2YotnFZFEjr1zCsicMWpAA" on all sample requests.
Everything else looks good and complete for me.
Best regards.
/Francis
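As an added illustration (not part of Francis's message or of the draft's own text), the following sketch separates the two decisions the feedback touches on for a Grant Management query: 401 when no valid authorization is presented at all, and 403 when the presented authorization is valid but was not issued for the resource owner who owns the grant (for example a client-only token). The token records, grant store and the `grant_management_query` scope check are assumptions standing in for an introspection service and the AS's grant database.

```python
# Added illustration of the access-control decision for GET /grants/{grant_id}.
# Not the draft's text or a reference implementation; all records are constructed.
from dataclasses import dataclass
from typing import Optional, Dict, Tuple, FrozenSet


@dataclass
class TokenRecord:
    active: bool
    client_id: str
    sub: Optional[str]         # resource owner the token was issued for; None = client-only token
    scope: FrozenSet[str]


# Constructed sample data standing in for token introspection and the grant store.
TOKENS: Dict[str, TokenRecord] = {
    "tok-alice": TokenRecord(True, "app-1", "alice", frozenset({"grant_management_query"})),
    "tok-client-only": TokenRecord(True, "app-1", None, frozenset({"grant_management_query"})),
    "tok-bob": TokenRecord(True, "app-1", "bob", frozenset({"grant_management_query"})),
    "tok-expired": TokenRecord(False, "app-1", "alice", frozenset({"grant_management_query"})),
}
GRANTS: Dict[str, dict] = {
    "grant-123": {"client_id": "app-1", "sub": "alice", "scope": "openid accounts"},
}


def authorize_grant_query(headers: dict, grant_id: str) -> Tuple[int, dict]:
    """Return (HTTP status, body) for a grant query.

    401: the request lacks a valid authorization (missing, malformed, unknown or inactive).
    403: the authorization is valid but does not permit access to this grant.
    """
    scheme, _, credential = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not credential:
        return 401, {"error": "invalid_token"}
    record = TOKENS.get(credential)
    if record is None or not record.active:
        return 401, {"error": "invalid_token"}
    if "grant_management_query" not in record.scope:
        return 403, {"error": "insufficient_scope"}
    grant = GRANTS.get(grant_id)
    # A token with no resource owner (e.g. client_credentials) carries no authorization
    # from the user who owns the grant, so it must not read it. Unknown grant ids and
    # other owners/clients get the same 403 so the response does not reveal existence.
    if (grant is None or record.sub is None or record.sub != grant["sub"]
            or record.client_id != grant["client_id"]):
        return 403, {"error": "access_denied"}
    return 200, {"grant_id": grant_id, **grant}
```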