Grant Management API Query Response missing normative structure
Section 6.4 (Query Status of a Grant) is defining a non-normative example of a response and is missing a normative definition.
The “scopes” section is ambiguous in its definition. The first bullet on “scopes” opens up for differences in the organization of the scopes section of the response which makes it hard to provide generic client implementations.
In order to provide interoperability it should define a structure that the server MUST comply with.
I propose the following language to provide an unambiguous response structure:
scopes
: (required) JSON array where every entry is a JSON object that MUST contain a scope
field and MAY contain a resource
JSON array. The resource
array contains one or more absolute URIs referencing the resources (as defined in [RFC8707]) authorized for that scope
.
The scope
MAY be the empty string if no explicit scope tokens are defined for a particular resource
.
Additional entries MAY be added to each entry in the scopes
JSON object.
claims
: (optional) JSON array containing the names of all OpenID Connect claims (see [OpenID]) as requested and consented in one or more authorization requests associated with the respective grant.
authorization_details
: (optional) JSON Object as defined in [I-D.ietf-oauth-rar] containing all authorization details as requested and consented in one or more authorization requests associated with the respective grant.
Comments (6)
-
-
Looking to resolve this through #457
-
-
assigned issue to
-
assigned issue to
-
- changed milestone to 2nd Implementers Draft
-
@Jacob Ideskog and @Takahiko Kawasaki thanks for this.
I’ve attempted to update the text which has changed since. Please review : https://bitbucket.org/openid/fapi/pull-requests/347
-
- changed status to resolved
PR merged
- Log in to comment
It may be better to allow
scope
to benull
if it may be an empty string. Furthermore, it may be better to allow omission ofscope
in that case. The reason I think this way is that some JSON parsers and even some computer languages (e.g. Go) have difficulties to handle differences amongnull
, an empty string and omission.