: Reflect the authorized details in the resulting Access Token or via the Introspection Response for Resource Servers to verify. 3. Security Considerations
: Publish these types in your OAuth server metadata so clients know what they can request.
: Ensure that authorization_details are treated with the same (or higher) level of validation as standard scopes. 4839005059204218ae8e0c51956c63d6.rar
: A string identifying the type of authorization (e.g., payment_initiation , account_information ).
This feature enables clients to specify fine-grained authorization requirements, such as requesting access to specific bank accounts or certain transaction amounts, rather than using broad, pre-defined scopes. 1. Core Components : Reflect the authorized details in the resulting
: Custom fields specific to the type , such as amount , currency , or account_id . 2. Implementation Workflow
: Use encrypted or signed tokens (JWTs) if the authorization details contain sensitive transaction data. : Ensure that authorization_details are treated with the
To draft this feature properly, your implementation should follow these steps outlined in the IETF OAuth RAR Implementation Considerations: