Implement Rich Authorization Requests #7

@jokk-itu

Description

Problem

The Rich Authorization Requests specification has not been implemented.

Solution

Implement the RAR specification.

AuthorizationDetail Entity

Create a new AuthorizationDetail entity.
It must have an "Id" and a "Name".
It also contains a many-to-many relation to Client.
It also contains a many-to-many relation to ConsentGrant.

  • Make a new join entity for each many-to-many relation, with a Value column that holds the JSON structure of the AuthorizationDetail.

Dynamic Client Registration

Accept a new parameter "authorization_details_types"
which is a JSON string array containing the types the client is authorized to use.

Discovery metadata

Extend the response with "authorization_details_types_supported",
which is a JSON string array containing the types that a client can use.

Authorize endpoint

Accept a new parameter "authorization_details", which is a JSON array.

Each entry MUST have a "type" field, which is mapped to AuthorizationDetail.Name in the database.

Each entry MUST have a "locations" array field, whose values are mapped to Client.ClientUri in the database.

Consent is deduced if

  • authorization_details is passed (does not matter what is consented in the past)
  • client requires consent

Token/Introspection endpoint

Extend the access_token with a new claim "authorization_details",
which is 1:1 from the authorize request.
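The authorize-endpoint rules above (type and locations validated against the client's registration, consent decided by presence of the parameter plus the client's consent requirement, and the validated array copied 1:1 into the token claim), as an added example in Python that is not part of this issue or the project's code base. The client record, supported types and request payloads are constructed sample data.

```python
import json

# Constructed sample data (not from the issue): the server's supported types
# and a registered client with its DCR-provided authorization_details_types.
SUPPORTED_TYPES = {"payment_initiation", "account_information"}
CLIENT = {
    "client_uris": ["https://client.example/app"],          # Client.ClientUri
    "authorization_details_types": ["payment_initiation"],  # from DCR
    "require_consent": True,
}


class InvalidAuthorizationDetails(ValueError):
    """The authorization_details request parameter failed validation."""


def validate_authorization_details(raw, client, supported_types=SUPPORTED_TYPES):
    """Parse the JSON array and check every entry against the client's registration."""
    try:
        details = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise InvalidAuthorizationDetails("not valid JSON") from exc
    if not isinstance(details, list) or not details:
        raise InvalidAuthorizationDetails("must be a non-empty JSON array")
    # A type is usable only if the client registered it AND the server supports it.
    allowed = set(client["authorization_details_types"]) & set(supported_types)
    client_uris = set(client["client_uris"])
    for entry in details:
        if not isinstance(entry, dict):
            raise InvalidAuthorizationDetails("entry must be a JSON object")
        type_ = entry.get("type")
        if not isinstance(type_, str) or type_ not in allowed:
            raise InvalidAuthorizationDetails(f"type not permitted: {type_!r}")
        locations = entry.get("locations")
        if not isinstance(locations, list) or not locations:
            raise InvalidAuthorizationDetails("locations must be a non-empty array")
        if any(not isinstance(loc, str) or loc not in client_uris for loc in locations):
            raise InvalidAuthorizationDetails("location is not a registered client URI")
    return details


def evaluate_request(raw, client, supported_types=SUPPORTED_TYPES):
    """Full authorize-endpoint decision: an error, or the consent flag plus the token claim."""
    try:
        details = validate_authorization_details(raw, client, supported_types)
    except InvalidAuthorizationDetails as exc:
        return {"error": "invalid_request", "error_description": str(exc)}
    # Consent is needed whenever authorization_details is present and the client
    # requires consent, regardless of earlier grants; the claim is copied 1:1.
    return {"consent_required": client["require_consent"],
            "claims": {"authorization_details": details}}
```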
