
Inconsistent use of `reason`, `reason_admin`, and `reason_user`

Open krotscheck opened this issue 8 months ago • 2 comments

https://github.com/openid/authzen/blob/2ff35ac9a0dc22359b444c84eeb66c4aa6d6f29c/api/authorization-api-1_0.md?plain=1#L712

Evaluation response example in deny-on-first-deny doesn't match the description above. Should it be `reason_admin`, `reason_user`, or should there be an additional `reason` field in section 6.2.4? Or is the `reason` field intended to be a user-defined one as per 6.2.2?

krotscheck avatar Apr 12 '25 17:04 krotscheck

Connected to #264 and somewhat #250

identitymonk avatar Apr 15 '25 14:04 identitymonk

We need an overhaul of the "reason" section.

ogazitt avatar Apr 15 '25 23:04 ogazitt

@baboulebou is working on an updated proposal.

davidjbrossard avatar Jun 20 '25 20:06 davidjbrossard

+1. I also think that the reason object should be out of context altogether. Context is supposed to provide more details to the PEP, like for MFA, while reason is meant for reasons of denial.

vatsalgupta avatar Jun 23 '25 06:06 vatsalgupta

This has been addressed in the reworked section by @baboulebou.

davidjbrossard avatar Aug 14 '25 19:08 davidjbrossard