ConsumerDataStandardsAustralia / standards-maintenance

This repository houses the interactions, consultations and work management to support the maintenance of baselined components of the Consumer Data Right API Standards and Information Security profile.

Authorization Response Algs should be conditional in RegistrationProperties #620

Closed ShaneDoolanFZ closed 9 months ago

ShaneDoolanFZ commented 1 year ago

Description

The properties authorization_signed_response_alg and authorization_encrypted_response_alg are designated as optional properties in the client registration response schema RegistrationProperties section of the DCR API definitions. According to their descriptions they are conditional.

  1. authorization_signed_response_alg: The JWS alg algorithm required for signing authorization responses. If this is specified, the response will be signed using JWS and the configured algorithm. The algorithm “none” is not allowed. Required if response_type of “code” is registered by the client.
  2. authorization_encrypted_response_alg: The JWE alg algorithm required for encrypting authorization responses. If unspecified, the default is that no encryption is performed. Required if “authorization_encrypted_response_enc” is included.

Area Affected

DCR APIs > Schema > RegistrationProperties

Change Proposed

Make authorization_signed_response_alg and authorization_encrypted_response_alg conditional.
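
The conditional rules quoted in the two property descriptions above, written as a validator over a registration payload. This is an added example, not part of the original issue and not code from the CDR standards. It assumes the registered response types are carried in the RFC 7591 `response_types` array; the function name and the sample payloads are constructed for illustration.

```python
def check_authorization_response_algs(reg: dict) -> list[str]:
    """Return violations of the conditional rules; an empty list means they hold."""
    errors = []
    # Assumption: response types are registered in the RFC 7591 `response_types` array.
    response_types = reg.get("response_types") or []
    signed_alg = reg.get("authorization_signed_response_alg")
    enc_alg = reg.get("authorization_encrypted_response_alg")
    enc_enc = reg.get("authorization_encrypted_response_enc")

    # Rule 1: the signing alg is required once "code" is registered (exact match,
    # so a hybrid value such as "code id_token" does not trigger it).
    if "code" in response_types and not signed_alg:
        errors.append("authorization_signed_response_alg is required "
                      "when response_types contains 'code'")

    # "none" is never acceptable, whether or not the property was required.
    # Comparing case-insensitively is a hardening choice made in this example.
    if signed_alg is not None and str(signed_alg).strip().lower() == "none":
        errors.append("authorization_signed_response_alg must not be 'none'")

    # Rule 2: the encryption alg is required once the enc property is present.
    if enc_enc and not enc_alg:
        errors.append("authorization_encrypted_response_alg is required when "
                      "authorization_encrypted_response_enc is included")
    return errors


# Constructed sample payloads (not taken from the issue).
VALID = {
    "response_types": ["code"],
    "authorization_signed_response_alg": "PS256",
    "authorization_encrypted_response_alg": "RSA-OAEP-256",
    "authorization_encrypted_response_enc": "A256GCM",
}
MISSING_SIGNED_ALG = {"response_types": ["code"]}
UNSIGNED_NONE = {"response_types": ["code"],
                 "authorization_signed_response_alg": "none"}
ENC_WITHOUT_ALG = {"response_types": ["code"],
                   "authorization_signed_response_alg": "PS256",
                   "authorization_encrypted_response_enc": "A256GCM"}

if __name__ == "__main__":
    for name, payload in [("valid", VALID), ("missing signed alg", MISSING_SIGNED_ALG),
                          ("alg none", UNSIGNED_NONE), ("enc without alg", ENC_WITHOUT_ALG)]:
        print(name, "->", check_authorization_response_algs(payload) or "ok")
```

A schema that marks both properties as plainly optional accepts the last three payloads; only a conditional check like this one rejects them.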

kirkycdr commented 1 year ago

This issue has been staged for review here: https://github.com/ConsumerDataStandardsAustralia/standards-staging/commit/d14e093b8aed746bb289f77d6e95a53248cd0ba7