The Authorization Server should support subject fields in the grant request. It should be similar to the accesses in that a separate table manages each grant's subject fields.

• Add subjects table to AS database
  • Has many-to-one relation with grants table
  • Columns should include sub_id and sub_id_format (each subject item in the request would create a separate row in the subjects)
• Add logic in grant request endpoint to create associated subjects rows
• Add logic in token introspection route handler to return the subjects access control for the associated grant in the response.
• Add subjects field in /grant/{id}/{nonce}response
  • Add subjects to OpenAPI spec for IDP

Prerequisites:

• Add subject field to AS spec open-payments-specifications#19