[Openid-specs-fapi] Issue #449: Field name and type for resources (openid/fapi)

Takahiko Kawasaki issues-reply at bitbucket.org
Mon Oct 4 11:27:14 UTC 2021


New issue 449: Field name and type for resources
https://bitbucket.org/openid/fapi/issues/449/field-name-and-type-for-resources

Takahiko Kawasaki:

The reasons the PR #283 “FAPI Grant Management ID1 Review: Editorial Fixes” (which was merged into the master branch during the public review period) changed `resources` in the example in “[6.4. Query Status of a Grant](https://openid.net/specs/fapi-grant-management-ID1.html#name-query-status-of-a-grant)” in “Grant Management for OAuth 2.0” to `resource` are (1) the explanation about the `scopes` following the example uses `resource` and (2) the explanation mentions [RFC 8707 Resource Indicators for OAuth 2.0](https://www.rfc-editor.org/rfc/rfc8707.html) which defines `resource` and states as follows, indicating that the name of the parameter `resource` does not change but its type may be an array to hold multiple values.

> For an authorization request sent as a JSON Web Token (JWT), such as when using the JWT Secured Authorization Request \[[JWT-SAR](https://www.rfc-editor.org/rfc/rfc8707.html#I-D.ietf-oauth-jwsreq)\], a single `resource` parameter value is represented as a JSON string while multiple values are represented as an array of strings.

However, I’m afraid that this change is not recognized well.

It seems that we should have a discussion about the field name and type for resources. Points are as follows.

1. Whether the name should be (a) `resource` or (b) `resources`.
2. Whether the type (a) should always be an array or (b) may be either an array or a string.
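
The string-or-array question in point 2, as an added example that is not part of the original message or of the specification: a consumer of a grant status response that accepts both shapes RFC 8707 allows for `resource` and normalizes them to a list before any comparison. The response layout (a `scopes` array whose entries carry `scope` and `resource`), the sample JSON, and the function names are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlsplit


def normalize_resource(value):
    """Return a `resource` member as a list of URI strings.

    Accepts a single JSON string or an array of strings (the two shapes in
    the RFC 8707 text quoted above); every other type is rejected so that a
    type mix-up cannot silently skip a resource comparison.
    """
    if value is None:          # member absent: no resource restriction stated
        return []
    items = [value] if isinstance(value, str) else value
    if not isinstance(items, list) or not items:
        raise ValueError("resource must be a string or a non-empty array")
    for item in items:
        if not isinstance(item, str):
            raise ValueError("resource array must contain only strings")
        # RFC 8707 section 2: absolute URI, no fragment component.
        if not urlsplit(item).scheme or "#" in item:
            raise ValueError(f"not an absolute, fragment-free URI: {item!r}")
    return items


def resources_by_scope(grant_status_json):
    """Map each `scope` value to its normalized list of resources."""
    grant = json.loads(grant_status_json)
    # Only the singular name `resource` is read here; which name the
    # specification should use is the open question of this issue.
    return {
        entry["scope"]: normalize_resource(entry.get("resource"))
        for entry in grant.get("scopes", [])
    }


# Constructed sample (assumed layout): array form, string form, member absent.
SAMPLE = """{"scopes": [
  {"scope": "contacts read write", "resource": ["https://rs.example.com/api"]},
  {"scope": "calendar", "resource": "https://cal.example.com/api"},
  {"scope": "openid"}
]}"""

if __name__ == "__main__":
    for scope, resources in resources_by_scope(SAMPLE).items():
        print(scope, "->", resources)
```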



