authorization_ details
Registry Context
Conveys an access token's authorization details in a token introspection response using the authorization-details structure defined by RFC 9396.
Technical Summary
A top-level member of the RFC 7662 introspection response JSON object whose value uses the RFC 9396 Section 2 array-of-objects structure and may be filtered or extended for the requesting resource server.
When Used
When an authorization server includes authorization detail information for a token in an introspection response.
Normative Requirements
Authorization servers
RFC 9396 - Section 9.2
convey authorization detail information using `authorization_details` as a top-level member of the introspection response JSON object.
Condition: If it includes authorization detail information for the token in its introspection response.
the information MUST be conveyed with authorization_details as a top-level member
`authorization_details` array
RFC 9396 - Section 2
contain multiple entries of the same type.
MAY contain multiple entries of the same type
`authorization_details` member
RFC 9396 - Section 9.2
contain the same structure defined in Section 2, potentially filtered and extended for the resource server making the introspection request.
Condition: When included in the introspection response.
MUST contain the same structure defined in Section 2
each authorization-details object
RFC 9396 - Section 2
contain a `type` field identifying the authorization details type.
Condition: For each object in the `authorization_details` array.
This field is REQUIRED.
Validation Guidance
When authorization detail information is conveyed in an introspection response, verify that it appears in the top-level `authorization_details` member.
Verify that `authorization_details` is an array of objects and that every object contains a string-valued `type` field.
Permit multiple objects with the same `type` value in the `authorization_details` array.
Reference
Details
- Entry Id
authorization_details - Name
authorization_details - Description
The member authorization_details contains a JSON array of JSON objects representing the rights of the access token. Each JSON object contains the data to specify the authorization requirements for a certain type of resource. - Change Controller
IETF- Reference
RFC9396 - Section 9.2