
Support for `subject` field (Log-in with Open Payments)

Open mkurapov opened this issue 1 month ago • 0 comments

Context

Rafiki v2.1.0-beta added support for the `subject` field in the auth server. To support this functionality, there need to be changes to the IDP page.

Now, when the IDP requests a grant lookup (you can see the updated OpenAPI specs here), instead of (or alongside) the access_token, it's possible to get back a subject field in the following format:

```json
"subject": {
  "sub_ids": [
    {
      "id": "{{walletAddress}}",
      "format": "uri"
    }
  ]
}
```

Here, the IDP must verify that the end user does in fact own the requested wallet address, which means updating the consent screen with the proper message for the user. For example, when the subject is requested, the consent screen can present something like "{thirdPartyName} is asking you to confirm ownership of {walletAddress} wallet address".

Todos

  • [ ] Handle subject field when the IDP looks up the grant (verify the wallet address in the grant is in fact owned by the logged-in user)
  • [ ] Display correct message to the user when the subject field is present in the grant lookup

mkurapov, Nov 19 '25 11:11
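One way an IDP could handle the two todos above, as an added example that is not part of the issue, the Rafiki project or the IDP in question. The `subject` / `sub_ids` / `id` / `format` shapes follow the JSON in the issue; the `LoggedInUser` type, the canonicalisation rules, the decision to reject unknown `format` values, and the `null` return for grants without a subject are assumptions made for this example.

```typescript
// Added example (not Rafiki's or the IDP's own code): verify that the wallet
// address(es) in a grant lookup's `subject` belong to the logged-in user, and
// build the consent-screen message proposed in the issue.

interface SubjectId {
  id: string;
  format: string;
}

interface Subject {
  sub_ids: SubjectId[];
}

// Grant lookup response: `subject` may appear instead of or alongside `access_token`.
interface GrantLookupResponse {
  access_token?: unknown;
  subject?: Subject;
}

// Assumed shape of the IDP's session user: the wallet addresses the user owns.
interface LoggedInUser {
  userId: string;
  walletAddresses: string[];
}

interface OwnershipResult {
  verified: boolean;
  requested: string[];
  notOwned: string[];
}

// Wallet addresses are https URLs. Compare them canonically (lower-cased host,
// no trailing slash) so a cosmetic difference cannot make ownership checks
// fail, or pass, by accident. Assumed rule for this example.
function canonicalWalletAddress(raw: string): string {
  const u = new URL(raw);
  if (u.protocol !== 'https:') {
    throw new Error(`wallet address must use https: ${raw}`);
  }
  const path = u.pathname.replace(/\/+$/, '');
  return `${u.protocol}//${u.host.toLowerCase()}${path}`;
}

// Extract the wallet addresses the subject asks the user to confirm. Only the
// `uri` format from the issue is understood; any other format is an error
// rather than something to skip, so the consent screen never claims an
// identifier was verified when it was not.
function requestedWalletAddresses(grant: GrantLookupResponse): string[] {
  if (!grant.subject) return [];
  return grant.subject.sub_ids.map((s) => {
    if (s.format !== 'uri') {
      throw new Error(`unsupported sub_id format: ${s.format}`);
    }
    return canonicalWalletAddress(s.id);
  });
}

// Todo 1: every requested wallet address must be owned by the logged-in user.
function verifySubjectOwnership(grant: GrantLookupResponse, user: LoggedInUser): OwnershipResult {
  const requested = requestedWalletAddresses(grant);
  const owned = new Set(user.walletAddresses.map(canonicalWalletAddress));
  const notOwned = requested.filter((wa) => !owned.has(wa));
  return { verified: notOwned.length === 0, requested, notOwned };
}

// Todo 2: consent text when a subject is present, using the wording from the
// issue. Returns null when there is no subject so the existing access-token
// consent flow can be used instead (assumed behaviour).
function consentMessage(thirdPartyName: string, grant: GrantLookupResponse): string | null {
  const addresses = requestedWalletAddresses(grant);
  if (addresses.length === 0) return null;
  return `${thirdPartyName} is asking you to confirm ownership of ${addresses.join(', ')} wallet address`;
}

// Constructed sample data: a subject-only grant lookup and two session users.
const sampleGrant: GrantLookupResponse = {
  subject: {
    sub_ids: [{ id: 'https://ilp.example.com/alice/', format: 'uri' }],
  },
};

const alice: LoggedInUser = {
  userId: 'user-1',
  walletAddresses: ['https://ILP.example.com/alice'],
};

const bob: LoggedInUser = {
  userId: 'user-2',
  walletAddresses: ['https://ilp.example.com/bob'],
};

console.log(verifySubjectOwnership(sampleGrant, alice)); // verified: true
console.log(verifySubjectOwnership(sampleGrant, bob));   // verified: false, notOwned lists alice's address
console.log(consentMessage('Example Shop', sampleGrant));
```

The important design point is that the ownership check runs against the IDP's own record of the session user, never against anything the client sent; the grant lookup only tells the IDP which address needs confirming. Rejecting unknown `format` values keeps the consent screen honest if the spec later adds new subject identifier types.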