SURFnet / surf-token-based-access

Backchannel binding between AS and RH #86

Open michielbdejong opened 1 week ago

michielbdejong commented 1 week ago

Consider the simplest case, 'view', which just gives a 'yes'/'no' answer. It's not enough for the RH to return this answer via the front channel. Even if we use a resource registry, it still needs to know whether the answer was yes or no. And you don't want to register a resource every time someone views or picks a scope.

So we need to solve this problem for the simplest yes/no case. I think we cannot therefore reuse GNAP-RS for this, and we should go back to our original idea of a nested authorization code flow.

michielbdejong commented 1 week ago

It's not about registering the resource, it's about registering the answer.

Flow-within-flow would make the RH very complex (needs to expose an API, and keep state).