The rich authorization request parameter, authorization_details, is used by some open banking and other deployments to carry fine-grained authorization data in OAuth messages.

Authorization details can be used in the same places where scope is used to specify authorization requirements. The following flows support authorization details:

  • Authorization code
  • Implicit
  • Client Credentials
  • Device Authorization
  • CIBA
  • Token Exchange (only available for mapping)

The authorization_details parameter is a JSON array of JSON objects, where type is the only required field for each object.

In the following example of an authorization detail, the type is payment_initiation:

[
  {
    "type": "payment_initiation",
    "locations": [
      "https://example.com/payments"
    ],
    "instructedAmount": {
      "currency": "EUR",
      "amount": "123.50"
    },
    "creditorName": "Merchant A",
    "creditorAccount": {
      "iban": "DE02100100109307118603"
    },
    "remittanceInformationUnstructured": "Ref Number Merchant"
  }
]

For more information about authorization details, see the OAuth 2.0 Rich Authorization Requests specification.
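
The following added example (not product code, and not taken from the specification) shows how a receiving service could check the structure described above before acting on it: a JSON array of JSON objects, each with a string type. The allow-list ALLOWED_TYPES, the function names, and the rejection of duplicate keys are assumptions made for illustration; the check that locations is an array of strings follows the Rich Authorization Requests specification.

```python
import json

# Assumption: authorization detail types this deployment accepts (hypothetical allow-list).
ALLOWED_TYPES = {"payment_initiation"}

# Shortened copy of the payment_initiation example from this page.
PAGE_EXAMPLE = """[{"type": "payment_initiation",
  "locations": ["https://example.com/payments"],
  "instructedAmount": {"currency": "EUR", "amount": "123.50"},
  "creditorName": "Merchant A"}]"""


def _no_duplicate_keys(pairs):
    # json.loads silently keeps the last of two equal keys; reject them instead so
    # a second "type" cannot shadow the one a policy check has already inspected.
    obj = {}
    for key, value in pairs:
        if key in obj:
            raise ValueError(f"duplicate key {key!r}")
        obj[key] = value
    return obj


def parse_authorization_details(raw, allowed_types=ALLOWED_TYPES):
    """Return the validated list of authorization detail objects or raise ValueError."""
    try:
        details = json.loads(raw, object_pairs_hook=_no_duplicate_keys)
    except (TypeError, json.JSONDecodeError) as exc:
        raise ValueError("authorization_details is not valid JSON") from exc
    if not isinstance(details, list):
        raise ValueError("authorization_details must be a JSON array")
    for i, item in enumerate(details):
        if not isinstance(item, dict):
            raise ValueError(f"element {i} is not a JSON object")
        type_ = item.get("type")  # the only required field
        if not isinstance(type_, str) or not type_:
            raise ValueError(f"element {i} has no string 'type'")
        if type_ not in allowed_types:
            raise ValueError(f"element {i} has unsupported type {type_!r}")
        locations = item.get("locations", [])
        if not isinstance(locations, list) or not all(isinstance(u, str) for u in locations):
            raise ValueError(f"element {i}: 'locations' must be an array of strings")
    return details


if __name__ == "__main__":
    for detail in parse_authorization_details(PAGE_EXAMPLE):
        print(detail["type"], detail.get("locations"))
```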