Discussion under consent here: https://bitbucket.org/openid/fapi/pull-requests/187
We have this clause: “should clearly identify long-term grants to the user during authorization as in 16.18 of OIDC; and”
But there is a suggestion that we have something in the privacy considerations, maybe….
(Data misidentification by User at RP) User could misunderstand the data they are releasing to the RP, so best practice is for the AS to make clear what data will be released to the RP.
I’m not happy with the wording, but its a start.