michielbdejong
commented
2 months ago From https://datatracker.ietf.org/doc/html/rfc9396 it seems that like the Lodging Intent Pattern which we discussed and rejected in #16, RAR is pre-dance and not sub-dance.
First of all, CAREFUL! OAuth 2.0 RAR stands for "Rich Authorization Request" AND NOT GNAP Resource Access Rights which are used in GNAP-RS in what seems to be a competitor of UMA-Fed-Authz?