We are implementing TMF720 and were wondering how it would fit with OAuth 2.0 and OIDC.
More importantly, I have a query regarding querying credentials. I'm from a security background and so find it a bit strange that we can query a password, for example.
Appreciate your help.
I've referred this query to the ODA security working group, including the current lead for the TMF720 API.
Having said that, the fact that the resource model for basic credentials includes the password doesn't mean that you can query the password. It could be that the password field is write-only, so you can POST or PATCH credentials, but you cannot retrieve them. Presumably each specific implementation of the API will decide what can actually be returned in a retrieve or query operation (GET).
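The write-only behaviour described in the reply above, as an added Python example that is not part of the thread and is not TM Forum code. The `CredentialStore` class, the `login` and `password` field names and the PBKDF2 parameters are assumptions for illustration, not taken from the TMF720 specification.

```python
import hashlib, hmac, os, uuid

WRITE_ONLY = {"password"}  # assumption: accepted on POST/PATCH, never returned

class CredentialStore:
    """In-memory stand-in for the server side of a credential resource."""

    def __init__(self):
        self._public = {}  # id -> attributes that may appear in a response
        self._secret = {}  # id -> (salt, derived key); the read path never touches this

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def _apply(self, cred_id, body):
        # The clear-text password is reduced to a salted derived key and dropped.
        if "password" in body:
            salt = os.urandom(16)
            self._secret[cred_id] = (salt, self._derive(body["password"], salt))
        for key, value in body.items():
            if key not in WRITE_ONLY and key != "id":
                self._public[cred_id][key] = value

    def post(self, body):
        cred_id = str(uuid.uuid4())
        self._public[cred_id] = {"id": cred_id}
        self._apply(cred_id, body)
        return self.get(cred_id)

    def patch(self, cred_id, body):
        self._apply(cred_id, body)
        return self.get(cred_id)

    def get(self, cred_id, fields=None):
        # Responses are built only from the public map, so selecting the
        # password attribute explicitly still returns nothing secret.
        doc = dict(self._public[cred_id])
        if fields is not None:
            doc = {k: v for k, v in doc.items() if k == "id" or k in fields}
        return doc

    def verify(self, cred_id, password):
        # Checking a presented password is the only use of the stored secret.
        salt, expected = self._secret[cred_id]
        return hmac.compare_digest(expected, self._derive(password, salt))
```

Because the server keeps only a derived key, there is no clear-text value that a retrieve or query operation could return even if the response filter were misconfigured.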