Context
Rafiki v2.1.0-beta added functionality to of subject field in the auth server.
To support this functionality, there need to be changes to the IDP page.
Now, when the IDP requests a grant lookup (you can see the updated OpenAPI specs here), instead of (or alongside) the access_token, it's possible to get back a subject field in the following format:
    "subject": {
      "sub_ids": [
        {
          "id": "{{walletAddress}}",
          "format": "uri"
        }
      ]
    }
Here, the IDP must verify that the end user does in fact own the requested wallet address, which means updating the consent screen with the proper message for the user. For example, when the subject is requested, the consent screen can present something like "{thirdPartyName} is asking you to confirm ownership of {walletAddress} wallet address".
Todos
- subject field when the IDP looks up the grant (verify the wallet address in the grant is in fact owned by the logged-in user)
- subject field is present in the grant lookup
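One way the IDP could apply the ownership check described under Context before rendering the consent screen, as an added example that is not Rafiki's own code. `GrantLookup`, `canonicalWalletAddress` and `decideSubjectConsent` are hypothetical names; only the `subject.sub_ids[].id` / `format` shape comes from the issue.

```typescript
// Added example: all names are assumptions except subject.sub_ids[].id / format.
interface SubjectId { id: string; format: string }
interface GrantLookup { access?: unknown[]; subject?: { sub_ids: SubjectId[] } }
type SubjectDecision =
  | { kind: 'none' }                        // no subject requested: normal consent flow
  | { kind: 'confirm'; messages: string[] } // show these on the consent screen
  | { kind: 'reject'; reason: string }      // do not offer the grant for approval

// Canonical form for comparison; null for anything that is not a plain https URL.
function canonicalWalletAddress(raw: string): string | null {
  let url: URL
  try {
    url = new URL(raw)
  } catch {
    return null
  }
  if (url.protocol !== 'https:' || url.username || url.password) return null
  if (url.search || url.hash) return null
  return url.origin + url.pathname.replace(/\/+$/, '')
}

// ownedWalletAddresses must come from the server-side session of the logged-in
// user, never from the browser request or from the grant itself.
function decideSubjectConsent(
  grant: GrantLookup,
  thirdPartyName: string,
  ownedWalletAddresses: string[]
): SubjectDecision {
  if (!grant.subject) return { kind: 'none' }
  const subIds = grant.subject.sub_ids
  if (!Array.isArray(subIds) || subIds.length === 0) {
    return { kind: 'reject', reason: 'subject has no sub_ids' }
  }
  const owned = new Set<string>()
  for (const address of ownedWalletAddresses) {
    const canonical = canonicalWalletAddress(address)
    if (canonical !== null) owned.add(canonical)
  }
  const messages: string[] = []
  for (const subId of subIds) {
    if (subId.format !== 'uri') return { kind: 'reject', reason: 'unsupported sub_id format' }
    const requested = canonicalWalletAddress(subId.id)
    if (requested === null || !owned.has(requested)) {
      return { kind: 'reject', reason: 'wallet address not owned by logged-in user' }
    }
    messages.push(`${thirdPartyName} is asking you to confirm ownership of ${requested} wallet address`)
  }
  return { kind: 'confirm', messages }
}
```

Every failure path rejects, so a grant whose subject is malformed or names a wallet address outside the session user's set never reaches the approve button.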