camaraproject / IdentityAndConsentManagement

Repository to describe, develop, document and test the Identity And Consent Management for CAMARA APIs
Apache License 2.0

OAuth2 Authorization Code vs OIDC Authorization Code #163

Open AxelNennker opened 1 month ago

AxelNennker commented 1 month ago

Problem description

ICM gave guidelines to API subprojects and provided the text below which mentions OAuth2 Authorization Code grant instead of OIDC Authorization Code flow.

number_verification.yaml says:

Number Verification API uses the standard OAuth2 Authorization Code grant. The following diagram will help to clarify the end-to-end process, including previous steps prior to this API call.

Expected behavior

Shouldn't that be OIDC Authorization Code Flow instead of OAuth2?

If yes, we should update the text in subproject files.

Please see https://github.com/camaraproject/NumberVerification/issues/106

jpengar commented 1 month ago

Expected behavior Shouldn't that be OIDC Authorization Code Flow instead of OAuth2?

It should be OIDC Authorization Code Flow. In fact, the API spec mentions amr to identify the authentication method used, which is a parameter introduced by OpenID Connect. This API is limited to network authentication due to the "special" functionality it provides.
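
An added example (not part of the thread and not CAMARA project code) of the distinction discussed above: `amr` is carried in the ID token, which an authorization server issues only when the Authorization Code request includes the `openid` scope, so a plain OAuth2 code grant gives the client nothing to check. The endpoint, client id, scope name, HS256 key and the `EXAMPLE_NETWORK_AMR` value are constructed placeholders, since the thread does not name them.

```python
import base64, hashlib, hmac, json
from urllib.parse import parse_qs, urlparse

REQUIRED_AMR = "EXAMPLE_NETWORK_AMR"  # placeholder; the thread does not name the value
SECRET = b"constructed-demo-secret"   # constructed HS256 key for this example only

def b64u_enc(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def is_oidc_request(url: str) -> bool:
    """A code-flow request is OIDC only when the scope list contains 'openid'."""
    q = parse_qs(urlparse(url).query)
    scopes = q.get("scope", [""])[0].split()
    return q.get("response_type") == ["code"] and "openid" in scopes

def verify_id_token(token: str, secret: bytes) -> dict:
    """Check the HS256 signature, return the claims (iss/aud/exp/nonce checks omitted)."""
    head, body, sig = token.split(".")
    if json.loads(b64u_dec(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    want = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, b64u_dec(sig)):
        raise ValueError("bad signature")
    return json.loads(b64u_dec(body))

def amr_satisfied(token_response: dict, secret: bytes, required: str) -> bool:
    """Plain OAuth2 responses carry no id_token, so there is no amr to inspect."""
    id_token = token_response.get("id_token")
    if id_token is None:
        return False
    amr = verify_id_token(id_token, secret).get("amr")
    return isinstance(amr, list) and required in amr

def make_id_token(claims: dict, secret: bytes) -> str:
    """Build a constructed ID token so the example runs offline."""
    signing_input = ".".join(b64u_enc(json.dumps(p).encode())
                             for p in ({"alg": "HS256", "typ": "JWT"}, claims))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64u_enc(sig)}"

# Constructed sample data: the two requests differ only in the 'openid' scope.
OAUTH2_REQ = "https://as.example/authorize?response_type=code&client_id=demo&scope=example-scope"
OIDC_REQ = "https://as.example/authorize?response_type=code&client_id=demo&scope=openid+example-scope"
OAUTH2_RESP = {"access_token": "constructed", "token_type": "Bearer"}
OIDC_RESP = dict(OAUTH2_RESP, id_token=make_id_token(
    {"iss": "https://as.example", "sub": "demo-user", "amr": [REQUIRED_AMR]}, SECRET))
```
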