OAuth rich authorization requests
PingFederate supports OAuth rich authorization requests.
The rich authorization request parameter, authorization_details, is used by some open banking and other deployments to carry fine-grained authorization data in OAuth messages.
Authorization details can be used in the same places where scope is used to specify authorization requirements. The following flows support authorization details:
- Authorization code
- Implicit
- Client Credentials
- Device Authorization
- CIBA
- Token Exchange (only available for mapping)
The authorization_details parameter is a JSON array of JSON objects, where type is the only required field for each object.
In the following example of an authorization detail, the type is payment_initiation:
[
  {
    "type": "payment_initiation",
    "locations": [
      "https://example.com/payments"
    ],
    "instructedAmount": {
      "currency": "EUR",
      "amount": "123.50"
    },
    "creditorName": "Merchant A",
    "creditorAccount": {
      "iban": "DE02100100109307118603"
    },
    "remittanceInformationUnstructured": "Ref Number Merchant"
  }
]
For more information about authorization details, see the OAuth 2.0 Rich Authorization Requests specification.
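The structural rule above (a JSON array of objects, each with a required type) can be checked before a request is processed. The following is an added example, not PingFederate code: the function name and the allowed_types allow-list are assumptions, and it goes slightly beyond the page by also checking the optional array-of-strings fields that RFC 9396 defines.

```python
import json

# Optional common fields from RFC 9396; each must be an array of strings.
COMMON_ARRAY_FIELDS = ("locations", "actions", "datatypes", "privileges")

# Constructed sample: the payment_initiation detail shown on this page.
PAGE_EXAMPLE = json.dumps([{
    "type": "payment_initiation",
    "locations": ["https://example.com/payments"],
    "instructedAmount": {"currency": "EUR", "amount": "123.50"},
    "creditorName": "Merchant A",
    "creditorAccount": {"iban": "DE02100100109307118603"},
    "remittanceInformationUnstructured": "Ref Number Merchant",
}])


def validate_authorization_details(raw, allowed_types):
    """Return a list of problems; an empty list means the value is acceptable.

    raw is the authorization_details parameter as received (a JSON string).
    allowed_types is the set of type values this deployment accepts
    (hypothetical allow-list, an assumption of this example).
    """
    try:
        details = json.loads(raw)
    except (TypeError, ValueError) as exc:
        return [f"not valid JSON: {exc}"]
    if not isinstance(details, list):
        return ["top level must be a JSON array"]
    problems = []
    for i, item in enumerate(details):
        if not isinstance(item, dict):
            problems.append(f"[{i}] is not a JSON object")
            continue
        type_ = item.get("type")
        if not isinstance(type_, str) or not type_:
            problems.append(f"[{i}] missing required string field 'type'")
        elif type_ not in allowed_types:
            problems.append(f"[{i}] unknown type {type_!r}")
        for field in COMMON_ARRAY_FIELDS:
            value = item.get(field)
            if field in item and not (
                isinstance(value, list) and all(isinstance(v, str) for v in value)
            ):
                problems.append(f"[{i}] '{field}' must be an array of strings")
    return problems


if __name__ == "__main__":
    print(validate_authorization_details(PAGE_EXAMPLE, {"payment_initiation"}))
```

Rejecting unknown type values rather than ignoring them keeps a client from receiving a token whose authorization data was never actually evaluated.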