OAuth rich authorization requests
PingFederate supports OAuth rich authorization requests.
The rich authorization request parameter, authorization_details, is used by some open banking and other deployments to carry fine-grained authorization data in OAuth messages.
Authorization details can be used in the same places where scope is used to specify authorization requirements. The following flows support authorization details:
- Authorization code
- Implicit
- Client Credentials
- Device Authorization
- CIBA
- Token Exchange (only available for mapping)
The authorization_details parameter is a JSON array of JSON objects, where type is the only required field for each object.
In the following example of an authorization detail, the type is payment_initiation:
[
  {
    "type": "payment_initiation",
    "locations": [
      "https://example.com/payments"
    ],
    "instructedAmount": {
      "currency": "EUR",
      "amount": "123.50"
    },
    "creditorName": "Merchant A",
    "creditorAccount": {
      "iban": "DE02100100109307118603"
    },
    "remittanceInformationUnstructured": "Ref Number Merchant"
  }
]
For more information about authorization details, see the OAuth 2.0 Rich Authorization Requests specification.
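One way for a service that receives authorization_details to check the structure described above before acting on it. This is an added example, not PingFederate code: ALLOWED_TYPES, the https-only rule for locations, and all function names are assumptions, and the exception is named after the invalid_authorization_details error code in RFC 9396.

```python
import json
from urllib.parse import urlsplit

# Assumption: the types this hypothetical deployment accepts (not a PingFederate setting).
ALLOWED_TYPES = frozenset({"payment_initiation"})


class InvalidAuthorizationDetails(ValueError):
    """Corresponds to the invalid_authorization_details error in RFC 9396."""


def _reject_duplicate_keys(pairs):
    # Duplicate member names are parsed differently by different JSON libraries,
    # so refuse them instead of letting the last one silently win.
    keys = [k for k, _ in pairs]
    if len(keys) != len(set(keys)):
        raise InvalidAuthorizationDetails("duplicate member name in object")
    return dict(pairs)


def _is_https_url(value):
    try:
        parts = urlsplit(value) if isinstance(value, str) else None
    except ValueError:
        return False
    return bool(parts and parts.scheme == "https" and parts.netloc)


def parse_authorization_details(raw, allowed_types=ALLOWED_TYPES):
    """Return the validated list of detail objects, or raise InvalidAuthorizationDetails."""
    try:
        details = json.loads(raw, object_pairs_hook=_reject_duplicate_keys)
    except (TypeError, json.JSONDecodeError) as exc:
        raise InvalidAuthorizationDetails("not valid JSON") from exc
    if not isinstance(details, list):
        raise InvalidAuthorizationDetails("must be a JSON array")
    for index, detail in enumerate(details):
        if not isinstance(detail, dict):
            raise InvalidAuthorizationDetails(f"element {index} is not a JSON object")
        detail_type = detail.get("type")
        if not isinstance(detail_type, str) or not detail_type:
            raise InvalidAuthorizationDetails(f"element {index} has no string 'type'")
        if detail_type not in allowed_types:
            raise InvalidAuthorizationDetails(f"element {index}: unsupported type")
        locations = detail.get("locations", [])
        # Assumption: local policy that every location is an https URL.
        if not isinstance(locations, list) or not all(map(_is_https_url, locations)):
            raise InvalidAuthorizationDetails(f"element {index}: bad 'locations'")
    return details
```

Type-specific fields such as instructedAmount or creditorAccount are left unchecked here; each type needs its own schema on top of this structural check.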