x-fapi-interaction-id across client to AS and RS interactions

Issue #290 new
Torsten Lodderstedt created an issue

I suggest to discuss to broaden the scope of the x-fapi-interaction-id to also cover interactions with the AS, such as PAR, authorization request, token request. I think that would be very useful.

Comments (7)

  1. Daniel Fett

    Current wording:

    may send the `x-fapi-interaction-id` request header whose value is a [@!RFC4122] UUID to the server (...)

    So PAR and token request are covered.

    Sending it in the authorization request is tricky due to the nature of navigation with GET in browsers. I think that we don’t want to introduce a new authorization request parameter (outside of PAR) for this.

  2. Joseph Heenan

    This requirement (and at least one other):

    shall set the response header x-fapi-interaction-id to the value received from the corresponding fapi client request header

    is currently only a requirement on the resource server though (not on the authorization server).

  3. Daniel Fett

    Removed the x-fapi- headers in master pending further discussion after the 1st Implementer’s Draft

  4. Log in to comment