From c35c9356591cad0299921e13ee7d672d19cf0fe9 Mon Sep 17 00:00:00 2001
From: Hugo <hnouts.dev@gmail.com>
Date: Mon, 11 Jan 2021 15:43:22 +0100
Subject: [PATCH] added consent handling from enedis/grdf

---
 docs/proxy/description.md | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/docs/proxy/description.md b/docs/proxy/description.md
index 31a72f5..e756d65 100644
--- a/docs/proxy/description.md
+++ b/docs/proxy/description.md
@@ -104,6 +104,14 @@ Regarding Enedis, two endpoints are exposed:
 
 On success, response will contain **access_token** or **refresh_token**, **usage_point_id** among other things. All informations will be stored by the cozy-stack in a cozy-accounts database.
 
+#### Consent Handling
+
+Consent is replaced everytime a new oauth dance is launched (for 6 months, hardcoded in **/authorize** request).
+User can revoke its consent from the Enedis website, no external endpoints are available for this purpose.
+
+If a consent has been revoked or expired. A 403 error will be thrown saying: *No consent can be found for this customer and this usage point*.
+
+Ecolyo can warn the user that the service is unable to continue and ask to give new consent.
 ### Grdf Adict
 
 !!! info "grdf documentation"
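Review bot: The new Enedis "Consent Handling" text documents the 403 only by its message (*No consent can be found for this customer and this usage point*) and says Ecolyo "can warn the user", but it does not say which component detects the error or what happens to the **access_token** and **refresh_token** that the context paragraph says are stored in the cozy-accounts database. Please state where the 403 is caught, whether the stored tokens are kept or cleared once consent is revoked or expired, and how this 403 is told apart from other authorization failures, since matching on a message string is fragile. The "6 months, hardcoded in **/authorize** request" remark should also name the request parameter that carries the duration so a reader can find it. Two smaller points: "If a consent has been revoked or expired. A 403 error will be thrown" is one sentence split in two, and the last added line runs straight into "### Grdf Adict" without a blank line before the heading.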
@@ -127,11 +135,17 @@ The */access_token* endpoint can be called with two different *grant_type* param
 
   The grdf Konnector would only need to call the *client_credentials* to get a refresh token.
 
-#### Optional: Revoke Consent
+#### Consent Handling
+
+Consent is represented by an access right. This access holds characteristics specific to the consent of the end customer.
+##### Optional: Revoke consent from external applications
 
 It is possible to cancel a consent that was given from the user to our service (for test or development purpose for instance).
 
-api.grdf.fr/adict/v1/droit_acces/{id_accreditation}
+**api.grdf.fr/adict/v1/droit_acces/{id_accreditation}**
+
+!!! info "revoked consent"
+    When the consent is revoked, the service cannot ask for another consent before the revoked one has achieved its duration.
 
 ### Cozy Oauth Protocol
 
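Review bot: The "revoked consent" admonition carries the most important constraint in this section (after revocation the service cannot ask for another consent until the revoked one has run its duration), yet it sits below the endpoint and is marked as "info", while the paragraph above recommends revocation "for test or development purpose". Consider moving it above the endpoint and using a warning admonition, so nobody revokes a consent during testing and then finds the account blocked for the remaining duration. The endpoint line "**api.grdf.fr/adict/v1/droit_acces/{id_accreditation}**" is only made bold; it still lacks the HTTP method and the authentication required to call it, which is what a reader needs to use it safely, and inline code formatting would suit a URL better than bold. Also, "##### Optional: Revoke consent from external applications" follows the preceding paragraph with no blank line, and "has achieved its duration" would read better as "has reached the end of its duration".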
-- 
GitLab