PingFederate supports OAuth rich authorization requests.
The rich authorization request parameter, authorization_details, is used by some open banking and other deployments to carry fine-grained authorization data in OAuth messages.
Authorization details can be used in the same places where scope is used to specify authorization requirements. The following flows support authorization details:
- Authorization code
- Implicit
- Client Credentials
- Device Authorization
- CIBA
- Token Exchange (only available for mapping)
The authorization_details parameter is a JSON array of JSON objects, where type is the only required field for each object. In the following example of an authorization detail, the type is payment_initiation:
[
  {
    "type": "payment_initiation",
    "locations": [
      "https://example.com/payments"
    ],
    "instructedAmount": {
      "currency": "EUR",
      "amount": "123.50"
    },
    "creditorName": "Merchant A",
    "creditorAccount": {
      "iban": "DE02100100109307118603"
    },
    "remittanceInformationUnstructured": "Ref Number Merchant"
  }
]
For more information about authorization details, see the OAuth 2.0 Rich Authorization Requests specification.
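A receiving service can enforce the structure described above (a JSON array of objects, each with a type) before acting on the parameter. The following is an added example, not PingFederate code: the type allowlist, the function names, and the duplicate-key rejection are assumptions made for illustration.

```python
import json

ALLOWED_TYPES = {"payment_initiation"}  # assumption: this deployment's allowlist

# The page's payment_initiation example, shortened to three fields.
SAMPLE = ('[{"type": "payment_initiation",'
          ' "locations": ["https://example.com/payments"],'
          ' "instructedAmount": {"currency": "EUR", "amount": "123.50"}}]')


class InvalidAuthorizationDetails(ValueError):
    """Corresponds to the RFC 9396 error code invalid_authorization_details."""


def _reject_duplicate_keys(pairs):
    # json.loads silently keeps the last duplicate key; another parser may
    # keep the first, so the two would disagree on e.g. "amount".
    obj = {}
    for key, value in pairs:
        if key in obj:
            raise InvalidAuthorizationDetails(f"duplicate key {key!r}")
        obj[key] = value
    return obj


def parse_authorization_details(raw, allowed_types=ALLOWED_TYPES):
    """Return the list of detail objects, or raise InvalidAuthorizationDetails."""
    try:
        details = json.loads(raw, object_pairs_hook=_reject_duplicate_keys)
    except json.JSONDecodeError as exc:
        raise InvalidAuthorizationDetails(f"not valid JSON: {exc.msg}") from exc
    if not isinstance(details, list):
        raise InvalidAuthorizationDetails("top level must be a JSON array")
    for i, item in enumerate(details):
        if not isinstance(item, dict):
            raise InvalidAuthorizationDetails(f"element {i} is not a JSON object")
        detail_type = item.get("type")
        if not isinstance(detail_type, str) or not detail_type:
            raise InvalidAuthorizationDetails(f"element {i}: 'type' must be a non-empty string")
        if detail_type not in allowed_types:
            raise InvalidAuthorizationDetails(f"element {i}: unknown type {detail_type!r}")
    return details


if __name__ == "__main__":
    for d in parse_authorization_details(SAMPLE):
        print(d["type"], d.get("locations"))
```

Field-level checks for each type (for example, that instructedAmount carries a currency and an amount) belong after this step, keyed on the validated type.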