search

ConsumerDataStandardsAustralia / standards-maintenance

This repository houses the interactions, consultations and work management to support the maintenance of baselined components of the Consumer Data Right API Standards and Information Security profile.
41 stars 9 forks source link

Documentation Improvement: Data Recipient Software Products PKCE requirements for authentication flows #460

Closed CDR-API-Stream closed 2 years ago

CDR-API-Stream commented 2 years ago

Description

The language currently used for the Data Recipient Software Products September 16th 2022 PKCE requirements wording can be clarified.

An excerpt: image

The highlighted section can be clarified. The "if supported" statement is redundant. When PAR and PKCE are supported, they MUST use S256 as the code challenge method

Area Affected

Section Authentication Flows, Data Recipient Software Products From September 16th 2022 requirements

Change Proposed

Remove the "if supported" statement to add clarity

CDR-API-Stream commented 2 years ago

This change was incorporated into release v1.16.0.