...
- Breaking changes:
- Section 3.4: not_authorized_permission error code: Changed to not_authorized.
- RPT handling: Changed extensively to remove the RPT issuance endpoint and enable the authorization data request endpoint to do all RPT issuance duties. Permission ticket issuance is now handled on an "eager" basis, when a client either without an RPT or with an invalid or insufficient-authorization-data RPT approaches the RS seeking access. This affects several sections:
- Section 1.4: configuration data
- Section 3: introduction
- Section 3.1.1 and 3.1.2: client approaching RS
- Section 3.2: RS registering permission
- Section 3.4: RPT issuance and authorization data addition
- Section 5.2: Extensibility profile implications
- Other changes of note:
- Section 3.1.1 and Section 3.1.2: Extraneous host_id removed from example of RS's response to client.
From Core rev 11 to rev 12:
- Changes of note:
- Enabled explicit use of OAuth-based authentication protocols such as OpenID Connect for OAuth protection driving PAT and AAT issuance.
From RSR rev 03 to rev 04:
- Removed the "status: xxx" property from all the AS responses in the RSR API.
...