michielbdejong
commented
4 months ago I guess the RH can just create a RAR and then pass the RAR id back in the URL query. Then that part is decoupled in terms of the mechanism and we can still choose how to present it in the UI, coupled or decoupled.
In #58 we implemented a ticket flow where the CLI app registers a ticket, for the user to approve in a browser.
In #61 and #63 we're implementing the mechanism (AS-side and RH-side) by which the resource helper registers a protected resource as a RAR in the sense of UMA-Fed-Authz.
I'm imagining a standard flow would be you create a RAR and then immediately use it to grant the client access to it.
But it could also be nice to decouple it.