[Openid-specs-fapi] Issue #480: FAPI 2 Baseline: shall support authorization details if scope is not expressive enough needs enhancement to cover standard oidc claims. (openid/fapi)
Ralph Bragg
issues-reply at bitbucket.org
Tue Mar 8 11:10:40 UTC 2022
New issue 480: FAPI 2 Baseline: shall support authorization details if scope is not expressive enough needs enhancement to cover standard oidc claims.
https://bitbucket.org/openid/fapi/issues/480/fapi-2-baseline-shall-support
Ralph Bragg:
FAPI 2 Baseline requires implementers adopt RAR if scope is not sufficient to convey the intent behind the resource sharing request. The claims parameter can also be used to indicate what identity information should be shared from the user info endpoint or id_token, both of which are resources. Therefore an interpretation could be made that the absence of the inclusion of both ‘scopes and/or claims’ being viable mechanisms for data sharing prevents the use of the claims parameter for requesting granular identity information, which is not the intent behind this clause.
```
shall support the `authorization_details` parameter according to
[@!I-D.ietf-oauth-rar] to convey the authorization clients want to obtain if
the `scope` parameter is not expressive enough for that purpose
```
Perhaps the wording should be adjusted to rule out protected resources served by the authorisation server / connect.