perlboy
commented
2 years ago For clarity https://api.cdr.gov.au/idp/.well-known/openid-configuration is only a valid .well-known RFC8615 path if the base-url includes the /idp. Suggest this means that the Register Base URIs should instead have an Auth Base URI added with /idp.
Further on /jwks, it is accurate but what is missing is the construction of the Base URI like the Standards. Aligning to the Holder construction method introduces consistency.
nils-work
Description
The API paths and associated non-normative examples provided for the Register APIs
Get OpenId Provider ConfigandGet JWKSare incorrect.This issue occurred during the migration of the Register design into the Consumer Data Standards.
Area Affected
Get OpenId Provider Config
https://consumerdatastandardsaustralia.github.io/standards/?examples#get-openid-provider-config
Current Documentation: GET /.well-known/openid-configuration
Associated Non-Normative Example: GET https://\<register-base-url>/.well-known/openid-configuration HTTP/1.1
Actual Production Path: https://api.cdr.gov.au/idp/.well-known/openid-configuration
Get JWKS
https://consumerdatastandardsaustralia.github.io/standards/?examples#get-jwks
Current Documentation: GET /jwks
Associated Non-Normative Example: GET https://\<register-base-url>/jwks HTTP/1.1
Actual Production Path: https://api.cdr.gov.au/cdr-register/v1/jwks
Change Proposed
Get OpenId Provider Config
Add the missing
idpcomponent to the pathGet JWKS
Add the missing
cdr-register/v1component to the path