The Access Evaluation Request is an HTTPS request with content-type of application/json. Its body is a JSON object that contains the Access Evaluation Request, as defined in Section 6.1.
The following is a non-normative example of the HTTPS binding of the Access Evaluation Request:
The success response to an Access Evaluation Request is an Access Evaluation Response. It is an HTTPS response with a status code of 200, and content-type of application/json. Its body is a JSON object that contains the Access Evaluation Response, as defined in Section 6.2.
Following is a non-normative example of an HTTPS Access Evaluation Response:
The following error responses are common to all methods of the Authorization API. An error response is indicated by an HTTPS status code (Section 15 of [RFC9110]) that indicates an error.
The following errors are indicated by the status codes defined below:
7.1.3. Error Responses
The following error responses are common to all methods of the Authorization API. An error response is identified by an HTTPS status code as defined in Section 15 of RFC9110.
Note: HTTPS errors are returned by the PDP to indicate an error condition relating to the request or its processing, and are unrelated to the outcome of an authorization decision, which is always returned with a 200 status code and a response payload.
To make this concrete:
* a 401 HTTPS status code indicates that the caller (policy enforcement point) did not properly authenticate to the PDP - for example, by omitting a required Authorization header, or using an invalid access token.
* the PDP indicates to the caller that the authorization request is denied by sending a response with a 200 HTTPS status code, along with a payload of { "decision": false }.
All requests to the API MAY have request identifiers to uniquely identify them. The API client (PEP) is responsible for generating the request identifier. If present, the request identifier SHALL be provided using the HTTPS Header X-Request-ID. The value of this header is an arbitrary string. The following non-normative example describes this header:
7.1.4. Request Identification
All requests to the API may include a request identifier that uniquely identifies the request. The API client (PEP) is responsible for generating the request identifier. If present, the request identifier must be provided using the HTTPS header X-Request-ID. The value of this header is an arbitrary string. The following non-normative example describes this header:
POST /access/v1/evaluation HTTP/1.1
Authorization: Bearer mF_9.B5f-4.1JqM
X-Request-ID: bfe9eb29-ab87-4ca3-be83-a1d5d8305716
A PDP responding to an Authorization API request that contains an X-Request-ID header MUST include a request identifier in the response. The request identifier is specified in the HTTPS Response header: X-Request-ID. If the PEP specified a request identifier in the request, the PDP MUST include the same identifier in the response to that request.
The following is a non-normative example of an HTTPS Response with this header:
7.1.5. Request Identification in Responses
A PDP responding to an Authorization API request that contains an X-Request-ID header must include a request identifier in the response. The request identifier is specified in the HTTPS response header (X-Request-ID). If the PEP specified a request identifier in the request, the PDP must include the same identifier in the response to that request.
The following is a non-normative example of an HTTPS response containing this header:
HTTP/1.1 200 OK
Content-type: application/json
X-Request-ID: bfe9eb29-ab87-4ca3-be83-a1d5d8305716
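The two rules above (HTTP errors are distinct from authorization decisions; X-Request-ID must be echoed) are easy to get wrong on either side of the API. The following is an added example, not code from the specification or from any AuthZEN implementation. It models a PDP handler and a PEP client as plain Python functions joined by an in-memory transport, so it runs offline. The accepted bearer token is the one from the request example on this page; the sample policy, the request payload shape ({"subject": {"id": ...}}) and the empty 401 body are constructed assumptions, since this page does not reproduce the Section 6.1/6.2 payload definitions or the error code table.

```python
import json
import uuid
from typing import Callable, Dict, Optional, Tuple

# Constructed sample: the single bearer token this toy PDP accepts (taken from the
# request example on the page; a real PDP would validate tokens properly).
VALID_TOKENS = {"mF_9.B5f-4.1JqM"}

Response = Tuple[int, Dict[str, str], bytes]


def pdp_handle(headers: Dict[str, str], body: bytes, decide: Callable[[dict], bool]) -> Response:
    """Toy PDP handler for POST /access/v1/evaluation.

    Returns (status, response_headers, response_body). `decide` is a caller-supplied
    policy function; the request body is passed to it as parsed JSON without any
    assumption about its schema.
    """
    # HTTP header names are case-insensitive, so normalise before lookup.
    hdrs = {k.lower(): v for k, v in headers.items()}
    resp_headers: Dict[str, str] = {}

    # 7.1.5: if the PEP sent X-Request-ID, the same value MUST come back, even on errors,
    # so the PEP can correlate every response (including failures) with its request.
    if "x-request-id" in hdrs:
        resp_headers["X-Request-ID"] = hdrs["x-request-id"]

    # Authentication failure is an HTTP-level error (401). It says nothing about the
    # authorization decision, which is only ever carried in a 200 response.
    scheme, _, token = hdrs.get("authorization", "").partition(" ")
    if scheme.lower() != "bearer" or token not in VALID_TOKENS:
        return 401, resp_headers, b""  # empty error body is an assumption of this example

    request = json.loads(body)
    # Both allow and deny are successful evaluations: 200 plus a decision payload.
    decision = bool(decide(request))
    resp_headers["Content-Type"] = "application/json"
    return 200, resp_headers, json.dumps({"decision": decision}).encode()


class PdpError(Exception):
    """Raised by the PEP when the PDP returned an HTTP error instead of a decision."""


def pep_evaluate(transport: Callable[[Dict[str, str], bytes], Response],
                 token: str, request: dict, request_id: Optional[str] = None) -> bool:
    """PEP-side call: send the Access Evaluation Request, verify the echoed
    X-Request-ID, and return the decision. An HTTP error is raised, never silently
    mapped to allow or deny."""
    request_id = request_id or str(uuid.uuid4())  # 7.1.4: the PEP generates the identifier
    headers = {
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/json",
        "X-Request-ID": request_id,
    }
    status, resp_headers, resp_body = transport(headers, json.dumps(request).encode())
    if status != 200:
        raise PdpError(f"PDP returned HTTP {status} for request {request_id}")
    echoed = {k.lower(): v for k, v in resp_headers.items()}.get("x-request-id")
    if echoed != request_id:
        # A missing or mismatched identifier means the response cannot be correlated
        # with this request; treat that as a protocol error rather than trusting it.
        raise PdpError(f"X-Request-ID mismatch: sent {request_id}, got {echoed}")
    payload = json.loads(resp_body)
    if not isinstance(payload.get("decision"), bool):
        raise PdpError("response payload lacks a boolean 'decision'")
    return payload["decision"]


def sample_policy(request: dict) -> bool:
    """Constructed placeholder policy (assumption): allow only subject id 'alice'."""
    return request.get("subject", {}).get("id") == "alice"


def demo() -> dict:
    """Run the three cases the text distinguishes: allow, deny, and an HTTP error."""
    transport = lambda h, b: pdp_handle(h, b, sample_policy)
    rid = "bfe9eb29-ab87-4ca3-be83-a1d5d8305716"  # the identifier from the page's example
    results = {
        "allow": pep_evaluate(transport, "mF_9.B5f-4.1JqM", {"subject": {"id": "alice"}}, rid),
        "deny": pep_evaluate(transport, "mF_9.B5f-4.1JqM", {"subject": {"id": "bob"}}, rid),
    }
    try:
        pep_evaluate(transport, "not-a-valid-token", {"subject": {"id": "alice"}}, rid)
        results["bad_token"] = "no error"
    except PdpError as exc:
        results["bad_token"] = str(exc)
    return results


if __name__ == "__main__":
    print(demo())
```

The PEP deliberately raises on any non-200 status instead of returning False: a 401 or 5xx is a broken call, and whether the PEP should fail closed or retry is an enforcement-point decision that should be made explicitly, not by accident through a missing "decision" field.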