[Openid-specs-fapi] Issue #660: Define requirements for OpenAPI FAPI securityScheme type (openid/fapi)
Lukasz Jaromin
issues-reply at bitbucket.org
Wed Jan 10 13:22:07 UTC 2024
New issue 660: Define requirements for OpenAPI FAPI securityScheme type
https://bitbucket.org/openid/fapi/issues/660/define-requirements-for-openapi-fapi
Lukasz Jaromin:
The current generic OpenAPI oauth2 securityScheme type is not descriptive enough to accurately convey FAPI security profile requirements.
FAPI is an API security profile and as such should have its own securityScheme type in the OpenAPI specification. It will enable open data ecosystems and other financial-grade API designers to mark APIs that require FAPI SP with the security scheme of such type. It will enable generation of accurate API documentation and clients. It will also likely increase recognition and adoption of FAPI and will make application of FAPI easier.
I envision that in the scope of this task, we would generate requirements for the security scheme type and create a proposal for the OpenAPI Initiative (OAI) to include this in the specification.
It is to be considered what should be explicitly and implicitly included in the type, e.g. scopes, FAPI version, allowed flows, RAR authorization_details types, required headers.