OpenBanking-Brasil / specs-seguranca

Documentation of the specifications of the Open Banking Brasil Security Working Group (GT de Segurança). The specifications are still in draft and must not be used for implementation.

CIBA spec: type of `login_hint` unclear #288

Closed jogu closed 1 year ago

jogu commented 1 year ago

The Brazil CIBA spec doesn't appear to define how the login_hint, e.g.:

```
{ "format": "urn:brasil:openbanking:ciba:login-hint-token-type:as-generated" }
```

is passed in the signed request object. It should explicitly state if it is a string or json object. An example should probably also be added.

See https://bitbucket.org/openid/mobile/issues/208/types-of-several-values-in-authentication too as the upstream spec could possibly be more explicit.

jogu commented 1 year ago

Ah, https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html#rfc.section.7.1.1 in the upstream spec makes it clear that login_hint is a string. So it might be better to have this login hint specified as just "urn:brasil:openbanking:ciba:login-hint-token-type:as-generated".

pedro-octavio-andrade commented 1 year ago

urn:brasil:openbanking:ciba:login-hint-token-type:as-generated
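
As an added example (not part of the issue thread or of the specification), a Python check that an authorization server could run on the decoded payload of a CIBA signed request object, following the upstream rule cited above that `login_hint` is a string. It also assumes the upstream CIBA Core requirement that exactly one hint parameter is sent; the function names and sample claims are constructed for illustration, and signature verification is left out.

```python
import base64
import json

# Hint parameters from upstream CIBA Core: exactly one must be present,
# and each one is a string (never a nested JSON object).
HINT_CLAIMS = ("login_hint_token", "id_token_hint", "login_hint")
URN = "urn:brasil:openbanking:ciba:login-hint-token-type:as-generated"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample(claims: dict) -> str:
    """Build a constructed compact JWS with a dummy signature segment."""
    header = _b64(json.dumps({"alg": "PS256"}).encode())
    return f"{header}.{_b64(json.dumps(claims).encode())}.c2ln"


def decode_payload(request_object: str) -> dict:
    """Decode the payload segment; the signature must be verified elsewhere."""
    parts = request_object.split(".")
    if len(parts) != 3:
        raise ValueError("request object is not a compact JWS")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def check_hint(claims: dict) -> str:
    """Return the name of the single hint claim, or raise ValueError."""
    present = [name for name in HINT_CLAIMS if name in claims]
    if len(present) != 1:
        raise ValueError(f"expected exactly one hint, got {present}")
    name = present[0]
    if not isinstance(claims[name], str) or not claims[name]:
        raise ValueError(f"{name} must be a non-empty string")
    return name


# Constructed samples: the two shapes discussed in the thread.
AS_STRING = make_sample({"iss": "client-1", "login_hint": URN})
AS_OBJECT = make_sample({"iss": "client-1", "login_hint": {"format": URN}})
```

Rejecting the object form at this point keeps a type mismatch from reaching code that later treats the hint as an opaque string.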