- changed component to Grant Management
Grant Management: deletion of grant elements
The draft currently only describes revocation of a whole grant. It might be desirable to delete/revoke only parts (scope values, authorization details objects, resources, claims).
Comments (8)
-
reporter -
Isn’t this solved by the
replace
mode? I suspect that modification of a grant to effectively “downgrade” authorisations should require aauthorise
call? -
Adding Vladimir Dzhuvinov’s feedback via the mailing list:
“Back then I stated there is value in enabling fine-grained revocation of individual scope values and OIDC claims. Incidentally I was discussing a use case that same week which can benefit from this... I hope the perceived difficulty in devising a nice mgmt API for this won't put you off this :)”
-
reporter @Vladimir Dzhuvinov could you share more insights about the mentioned use case? The draft currently would support partial removal by replacing the grant content (as pointed out by Stuart above). We would like to understand whether this is sufficient for your use case.
-
The original use case evolved, but I believe the “replace” action will do just fine in this case (once it gets completed).
Thanks!
-
-
assigned issue to
-
assigned issue to
-
Pending update and merge of https://bitbucket.org/openid/fapi/pull-requests/266
-
- changed status to resolved
PR merged
- Log in to comment