This repository houses the interactions, consultations and work management to support the maintenance of baselined components of the Consumer Data Right API Standards and Information Security profile.
Authorization Response Algs should be conditional in RegistrationProperties #620
Description
The properties authorization_signed_response_alg and authorization_encrypted_response_alg are designated as optional properties in the client registration response schema RegistrationProperties section of the DCR API definitions. According to their descriptions they are conditional.
authorization_signed_response_alg
The JWS alg algorithm required for signing authorization responses. If this is specified, the response will be signed using JWS and the configured algorithm. The algorithm “none” is not allowed. Required if response_type of “code” is registered by the client.
authorization_encrypted_response_alg
The JWE alg algorithm required for encrypting authorization responses. If unspecified, the default is that no encryption is performed. Required if “authorization_encrypted_response_enc” is included.
Area Affected
DCR APIs > Schema > RegistrationProperties
Change Proposed
Make authorization_signed_response_alg and authorization_encrypted_response_alg conditional.
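
An added example, not part of the original issue or the standards text: one way a registration response could be checked against the conditions quoted in the property descriptions, which an optional marking in the schema does not enforce. The response_types field name and all sample values are assumptions.

```python
# Added example: enforce the conditions that an "optional" schema marking leaves unchecked.
# Assumption: registered response types arrive in a "response_types" array.

SIGNED = "authorization_signed_response_alg"
ENC_ALG = "authorization_encrypted_response_alg"
ENC_ENC = "authorization_encrypted_response_enc"


def check_registration(props):
    """Return the violated conditions for one registration response (dict)."""
    errors = []
    signed_alg = props.get(SIGNED)

    # "Required if response_type of 'code' is registered by the client."
    if "code" in props.get("response_types", []) and not signed_alg:
        errors.append(f"{SIGNED}: required when response type 'code' is registered")

    # "The algorithm 'none' is not allowed." Compared case-insensitively so
    # that variants such as "None" are rejected as well.
    if isinstance(signed_alg, str) and signed_alg.lower() == "none":
        errors.append(f"{SIGNED}: 'none' is not allowed")

    # "Required if authorization_encrypted_response_enc is included."
    if props.get(ENC_ENC) is not None and not props.get(ENC_ALG):
        errors.append(f"{ENC_ALG}: required when {ENC_ENC} is included")

    return errors


# Constructed sample responses (not taken from any real registration).
SAMPLES = {
    "valid": {"response_types": ["code"], SIGNED: "PS256",
              ENC_ALG: "RSA-OAEP", ENC_ENC: "A256GCM"},
    "missing_signed_alg": {"response_types": ["code"]},
    "none_alg": {"response_types": ["code"], SIGNED: "none"},
    "enc_without_alg": {"response_types": ["code"], SIGNED: "PS256",
                        ENC_ENC: "A256GCM"},
}

if __name__ == "__main__":
    for name, props in SAMPLES.items():
        print(name, check_registration(props) or "ok")
```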