Dear Vittorio,
Thank you for your explanation. I could understand the intention. No strong
opinion from my side, meaning I won't insist the spec should be modified.
One concern behind my suggestion was that the recommended way slightly
conflicts with the following paragraph in OIDC Core 1.0.
*"No
Thanks Thomas,
We will certainly incorporate those fixes/suggestions.
On Fri, Nov 4, 2022 at 4:00 PM Thomas Fossati via Datatracker <
nore...@ietf.org> wrote:
> Reviewer: Thomas Fossati
> Review result: Ready
>
> This document defines an OAuth parameter ("authorization_details") to
> carry fine-
Reviewer: Thomas Fossati
Review result: Ready
This document defines an OAuth parameter ("authorization_details") to
carry fine-grained authorization data in OAuth messages. This allows
APIs to customise their authorization requests and has applicability in
a number of scenarios, e.g.: banking, e-h
Dear Takahiko and Vittorio,
1. I may be digressing from the main thread, but since you mentioned about
returning error code
"unmet_authentication_requirements", I thought it appropriate to suggest
ammendments in the same thread.
2. We may need to elaborate a little more on how this error code is
