PingFederate Server

OAuth rich authorization requests

PingFederate supports OAuth rich authorization requests.

The rich authorization request parameter, authorization_details, is used by some open banking and other deployments to carry fine-grained authorization data in OAuth messages.

Authorization details can be used in the same places where scope is used to specify authorization requirements. The following flows support authorization details:

  • Authorization code

  • Implicit

  • Client Credentials

  • Device Authorization

  • CIBA

  • Token Exchange (only available for mapping)

The authorization_details parameter is a JSON array of JSON objects, where type is the only required field for each object.

In the following example of an authorization detail, the type is payment_initiation:

[
  {
    "type": "payment_initiation",
    "locations": [
      "https://example.com/payments"
    ],
    "instructedAmount": {
      "currency": "EUR",
      "amount": "123.50"
    },
    "creditorName": "Merchant A",
    "creditorAccount": {
      "iban": "DE02100100109307118603"
    },
    "remittanceInformationUnstructured": "Ref Number Merchant"
  }
]

For more information about authorization details, see the OAuth 2.0 Rich Authorization Requests specification.
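
The structure rule above (a JSON array of JSON objects, each with a required type) can be checked before the value reaches any policy or mapping logic. The following is an added example, not PingFederate code: it also checks the JSON shape of the common fields defined by the Rich Authorization Requests specification (RFC 9396) and rejects duplicate keys, which different parsers resolve differently. The function names and the ALLOWED_TYPES allow-list are assumptions made for illustration.

```python
import json

# Common fields from RFC 9396 that must be arrays of strings when present.
ARRAY_OF_STRINGS = ("locations", "actions", "datatypes", "privileges")

# Assumption: hypothetical allow-list of types this deployment accepts.
ALLOWED_TYPES = frozenset({"payment_initiation"})


def _reject_duplicate_keys(pairs):
    # json.loads silently keeps the last duplicate key; refuse instead so
    # two components never disagree about which "type" was requested.
    keys = [k for k, _ in pairs]
    if len(keys) != len(set(keys)):
        raise ValueError("duplicate key in JSON object")
    return dict(pairs)


def validate_authorization_details(raw, allowed_types=ALLOWED_TYPES):
    """Return a list of problems; an empty list means the value is well formed."""
    try:
        details = json.loads(raw, object_pairs_hook=_reject_duplicate_keys)
    except (TypeError, ValueError) as exc:
        return [f"not valid JSON: {exc}"]
    if not isinstance(details, list):
        return ["authorization_details must be a JSON array"]
    problems = []
    for i, obj in enumerate(details):
        if not isinstance(obj, dict):
            problems.append(f"[{i}] is not a JSON object")
            continue
        type_ = obj.get("type")
        if not isinstance(type_, str) or not type_:
            problems.append(f"[{i}] missing required string field 'type'")
        elif type_ not in allowed_types:
            problems.append(f"[{i}] unsupported type {type_!r}")
        for field in ARRAY_OF_STRINGS:
            value = obj.get(field)
            if field in obj and not (
                isinstance(value, list) and all(isinstance(v, str) for v in value)
            ):
                problems.append(f"[{i}] '{field}' must be an array of strings")
        if "identifier" in obj and not isinstance(obj["identifier"], str):
            problems.append(f"[{i}] 'identifier' must be a string")
    return problems


if __name__ == "__main__":
    # Constructed input: the type field is missing from the only object.
    print(validate_authorization_details('[{"locations": ["https://example.com/payments"]}]'))
```
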