Update CAMARA-ICM-examples.md with CIBA examples #237

Open
wants to merge 5 commits into
base: main

Collaborator

@sebdewet sebdewet commented Nov 26, 2024

What type of PR is this?

  • documentation

What this PR does / why we need it:

In CAMARA-ICM-examples.md, add CIBA examples as for Authorization code flow.

Which issue(s) this PR fixes:

Fixes #236

Special notes for reviewers:

Optional question: In the CIBA authentication request, do we define that client_assertion is mandatory?

@AxelNennker
Collaborator

What is the status of this? I feel that we agree.
Could we close the open comments thus making clear that the comments were addressed?

  • "differ"
    @sebdewet Please consider committing my suggestion:

Please note: All values are example values and can be different from the values provided here.

  • returned scopes
    I would not include scopes in the response if they are identical to the ones requested
    Maybe remove them from all examples where requested scopes and returned scopes are the same?!
    The API consumer has to know if the scopes associated with the access token are different to what was requested, but if scopes are not part of the response then the API consumer can be sure that the requested scopes are associated with the access token

@eric-murray
Collaborator

The CIBA /bc-authorize example should be explicitly labelled as an example of an unsigned request, and this PR would be a good place to correct that.

@jpengar
Collaborator

jpengar commented Dec 17, 2024

@sebdewet, could you kindly review the comments? I believe we can reach a final agreement to close this PR, which is under Spring25 scope, by this week.

@sebdewet
Collaborator Author

I updated the examples following your comments.

}
```
In this example, scopes differs from the one defined in the /authorize. If scopes are identical in /authorize and in the successful response, parameter scope isn't returned.
Collaborator


Suggested change
In this example, scopes differs from the one defined in the /authorize. If scopes are identical in /authorize and in the successful response, parameter scope isn't returned.
In this example, scopes differ from the one defined in the /authorize. If scopes are identical in /authorize and in the successful response, parameter scope may not be returned.
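Review bot: In the replacement line, "may not be returned" can be read as a prohibition ("must not be returned") rather than the permission that is intended; "may be omitted" or "is optional" says it without ambiguity. The same line keeps "differ from the one defined in the /authorize", where "the ones requested in" would agree with the plural "scopes".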

Collaborator


I suggest changing to "may not be returned" in order not to mandate a specific behavior in the server. OAuth defines it as optional when identical, so the server can still return scopes in that case.
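The client-side consequence of the scope discussion in this thread, as an added example that is not part of the PR or of CAMARA-ICM-examples.md: a token response without `scope` means the requested scopes were granted (RFC 6749 section 5.1 makes the parameter optional only when identical), while a returned `scope` is authoritative and may be narrower. The function names, scope names and token responses below are constructed for illustration.

```python
import json

def effective_scopes(requested, token_response):
    """Return the scopes the access token carries, given what was requested.

    An absent `scope` means "identical to the request"; a present `scope`
    overrides the request and must be compared against it.
    """
    requested_set = set(requested.split())
    raw = token_response.get("scope")
    if raw is None:
        granted, explicit = set(requested_set), False
    elif isinstance(raw, str):
        granted, explicit = set(raw.split()), True
    else:
        raise ValueError("scope must be a space-delimited string")
    return {
        "granted": sorted(granted),
        "explicit": explicit,                            # was scope in the response?
        "missing": sorted(requested_set - granted),      # requested but not granted
        "unrequested": sorted(granted - requested_set),  # granted but never asked for
    }

def require_scopes(needed, requested, token_response):
    """Fail before calling an API if the token lacks a scope that call needs."""
    result = effective_scopes(requested, token_response)
    lacking = sorted(set(needed.split()) - set(result["granted"]))
    if lacking:
        raise PermissionError("access token lacks scope(s): " + " ".join(lacking))
    return result

# Constructed sample data (not taken from the CAMARA examples).
REQUESTED = "openid example-api:read example-api:write"
SAME = json.loads(
    '{"access_token": "constructed-token-1", "token_type": "Bearer",'
    ' "expires_in": 3600}'
)
NARROWED = json.loads(
    '{"access_token": "constructed-token-2", "token_type": "Bearer",'
    ' "expires_in": 3600, "scope": "openid example-api:read"}'
)

if __name__ == "__main__":
    print(effective_scopes(REQUESTED, SAME))
    print(effective_scopes(REQUESTED, NARROWED))
```
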

Successfully merging this pull request may close these issues.

Add exemples full CIBA flow for CIBA in CAMARA-ICM-examples.md