Support authorization_details in CIBA #1358
palmerabollo
started this conversation in
Ideas
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
authorization_details(OAuth 2.0 Rich Authorization Requests, RAR) are not supported in the CIBA grant type https://github.com/panva/node-oidc-provider/blob/main/lib/actions/grants/ciba.js#L26-L28.However, the spec itself https://www.ietf.org/archive/id/draft-ietf-oauth-rar-03.html#name-authorization-request-2 states that "The request parameter can be used to specify authorization requirements in all places where the scope parameter is used for the same purpose" including the CIBA Backchannel Authentication Requests as one such example.
It would be a good idea to support RAR it in the same way it is supported for the authorization_code grant. WDYT?
Beta Was this translation helpful? Give feedback.
All reactions