interledger · melissahenderson · Jan 4, 2024 · Jan 4, 2024 · Jan 4, 2024 · Jan 4, 2024
@@ -2,15 +2,14 @@
 title: Grant negotiation and authorization
 ---
 
-import Interactive from '/src/partials/diagram-interactive-grant.mdx'
-
 import {
   CodeBlock,
   LinkOut,
   Tooltip,
   Mermaid,
   MermaidWrapper
 } from '@interledger/docs-design-system'
+import Interactive from '/src/partials/diagram-interactive-grant.mdx'
 
 In Open Payments, a grant indicates a transfer, or delegation, of authorization from a resource owner (RO) to a piece of software. An RO can be a physical person, such as the software’s end user, or a process, such as predefined organizational rules. By delegating authorization, the RO allows the software to access and perform operations on protected resources on the RO’s behalf.
 
@@ -97,8 +96,12 @@ An open-source implementation of an Open Payments resource server, called <LinkO
 
 ## Identity providers
 
-Open Payments requires the use of an identity provider (IdP) during an <Tooltip content="A grant requiring explicit interaction/consent from the RO before an access token can be issued" client:load><span>interactive grant</span></Tooltip> flow. An IdP is a system or service that manages user authentication, identity information, and consent.
+An identity provider (IdP) is a system or service that manages user authentication, identity information, and consent. Open Payments requires any AS that issues <Tooltip content="A grant requiring explicit interaction/consent from the resource owner before an access token can be issued" client:load><span>interactive grants</span></Tooltip> be integrated with an IdP.
 
-After an interactive grant request is initiated and the AS sets the session, the AS provides the client with the IdP URI to redirect the end-user to. The IdP handles end-user authentication and consent and communicates the details to the AS.
+After an interactive grant request is initiated and the AS sets the session, the AS provides the client with the IdP URI to redirect the end-user to.
 
 <Interactive />
+
+:::tip[Reference implementation]
+Rafiki provides a reference <LinkOut href='https://github.com/interledger/rafiki/tree/main/packages/auth'>authorization service</LinkOut> implementation that includes support for integration with an IdP.
+:::
@@ -58,9 +58,9 @@ In streaming WM payments, the maximum amount to be paid is unknown to the payee
 
 #### quote
 
-After an `incoming-payment` resource is created on the payee’s account, a `quote` resource must be created on the payer’s account. A quote is only valid for a limited time.
+After an `incoming-payment` resource is created on the payee’s account, a `quote` resource must be created on the payer’s account.
 
-The purpose of a quote is to indicate how much it will cost, including any applicable fees, to make the payment. The quote serves as a commitment from the payer’s ASE to deliver a particular amount to the payee’s ASE.
+The purpose of a quote is to indicate how much it will cost, including any applicable fees, to make the payment. The quote serves as a commitment from the payer’s ASE to deliver a particular amount to the payee’s ASE. A quote is only valid for a limited time.
 
 There are three types of quotes.
 

@@ -10,7 +10,7 @@ import Ts from '/src/partials/ts-prerequisites.mdx'
 
 While most Open Payments code snippets are intended for clients, getting the keys bound to a wallet address is primarily a function of account servicing entities.
 
-When an authorization server receives a signed grant request, the auth server makes a call to acquire the keys. When a client makes a request to a resource server, the resource server calls the auth server to ensure the signature of the request corresponds to the public JWK of the wallet address.
+When an authorization server receives a signed grant request, the server can make a call to acquire the public keys bound to the wallet address. Then, when a client makes a request to a resource server, the resource server calls the auth server to ensure the signature of the request corresponds to the public JWK of the wallet address. This enables the server to ensure the client is who it says it is.
 
 These code snippets get the keys associated with the specified wallet address.
 

@@ -5,10 +5,6 @@ draft: true
 
 import { LinkOut } from '@interledger/docs-design-system'
 
-:::caution
-This section is WIP
-:::
-
 ## Account servicing entity (ASE)
 
 ## Authorization server (AS)
@@ -17,8 +13,14 @@ This section is WIP
 
 ## Grant Negotiation and Authorization Protocol (GNAP)
 
+## Incoming payment resource
+
 ## Interactive grant
 
 ## Open Payments (OP)
 
+## Outgoing payment resource
+
+## Quote resource
+
 ## Resource server (RS)