docs: clarify business-populated response values for identity-linked sessions#585
Open
jamesandersen wants to merge 2 commits into
Conversation
6 tasks
jamesandersen
marked this pull request as ready for review
July 18, 2026 12:30
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
docs: clarify business-populated response values for identity-linked sessions
Motivation
This is a focused, docs-only alternate to #519. That thread converged on a
clear conclusion (thanks @karangoel16 for raising it, and @raginpirate /
@amithanda for the framing): surfacing business-owned user state — saved payment
instruments, loyalty membership, buyer profile — does not need a new
extension or a new schema field. It is already possible through existing base
entities. The real gap is discoverability: today the mechanic is implicit,
spread across the
ucp_requestannotations, the loyalty extension, and identitylinking, and an implementer is unlikely to connect those on their own.
Rather than add a standalone concept page (which risks becoming a second source
of truth that drifts from the annotations that actually govern behavior — see
@amithanda's point in
#519 (comment)),
this PR lands the same intent as small edits anchored to the specs that already
own each concept.
What this PR changes
identity-linking.md— adds a### Business-Populated Response Valuessubsection right after Access Levels (where the auth model already lives). It
names the pattern: fields annotated
ucp_request: "omit"are business-populatedby definition; fields the platform MAY also supply (
optional/unannotated) MAYadditionally be populated by the business from stored user state on a response.
Identity linking is what makes those values user-specific.
checkout.md— adds a pointer in the Payments section explaining thatpayment.instrumentsmay carry display-safe, business-scoped saved instruments(opaque
id+display, no raw credential), links to the existingcreate-checkout REST example that already returns this shape, and to Identity
Linking for the access levels/scopes that gate it.
payment_instrument.json— corrects theiddescription. It previouslysaid "assigned by the platform," which is wrong for an identity-linked saved
instrument: there the business assigns the
idand the platform MUST treat itas an opaque, business-scoped reference.
loyalty.md— one-line cross-link from the existing "business populatesloyalty from authenticated identity" paragraph to the new subsection, so the
loyalty case is explicitly framed as an instance of the general pattern.
What this PR deliberately does not do
business-owned-response-values.md; nomkdocs.ymlnav entry.
payment.saved_instruments[],no
credential_stateenum, no generic tokenized-node abstraction.draft that transmitted a raw credential is omitted, consistent with the
payment handler security guidance
(and the review comments from @jamesandersen / @dkoch74).
fulfillmentfrom stored user state is trickier and belongs in its own PR.Follow-ups (intentionally separate)
These surfaced on the thread and are worth their own enhancement proposals given
the PII implications:
opaque business-owned reference (@raginpirate / @rosew).
an instrument that still needs credential collection — credential absence is
ambiguous between the two, and
idnaming is the signal we agreed not to leanon (@karangoel16's
credential_stateidea).Category (Required)
capabilities.
Checklist
breaking changes).
build could not be run locally; relying on CI (
docs.yml) as authoritative.behavior change.
description-onlyclarification on
payment_instrument.id; no structural or contract change.Verified claims
The annotation statements in the identity-linking subsection were checked
against
source/schemas/shopping/:totals,messages,orderareucp_request: "omit"incheckout.json.buyerisucp_request: {create: optional, update: optional, complete: omit}.payment.instrumentscarries noucp_requestannotation inpayment.json(bidirectional by default).