FAPI-CIBA: Should this profile apply to Read-Only?
Issue #241
closed
The FAPI-CIBA profile says “As it is anticipated that this specification will primarily be used for write operations there is no separate read-only profile.”
It is ambiguous whether the profile should apply or not when an authorization server judges a backchannel authentication request as a request to get an access token for FAPI Read-Only APIs.
It should be explicitly mentioned in the profile, either “this profile applies to Read-and-Write APIs only” or “this profile applies to both Read-Only APIs and Read-and-Write APIs”.
Comments (2)
-
-
- changed status to closed
- Log in to comment
so it can be used for read-only APIs, so therefore we should probably add this wording: “this profile applies to both Read-Only APIs and Read-and-Write APIs”