Open jogu opened 1 year ago
pedro-octavio-andrade
commented
1 year ago O fluxo de iniciação de pagamento com CIBA não prevê uso de login_hint. Esse trecho voltará a especificação quando o grupo voltar a discutir a especificação de EPOC
pedro-octavio-andrade
commented
1 year ago Revisar a documentação Open ID core sobre uso de login hint tokens. (OTPs ainda serão utilizados)
pedro-octavio-andrade
commented
1 year ago Por que a especificação CIBA-br precisa ter a definição de types (backchannel_endpoint_login_hint_token_types_supported e login-hint-token-type)? Onde é utilizado? Há limitações que deveriam estar explícitas?
Especificar o que deve ser trafegado no login hint (OTP para o caso de iniciação de pagamento, CPF futuramente para EPOC)
pedro-octavio-andrade
commented
1 year ago @RalphBragg Hi Ralph,
A couple of questions came up after the posting of the first version of the CIBA BR Security Profile (SP) on github by the CIBA Squad. Can you check our understanding and interpretation of some of the rules defined by the spec, raised by the questions?
As we previously discussed, the use case we have intended for CIBA is payment initiation with either the insertion of an OTP on the RP (generated on the Auth Server side) or with an id_token previously obtained by the RP. The CIBA BR SP spec proposes a new attribute related to the type of login_hint (backchannel_endpoint_login_hint_token_types_supported). However, these attributes are not defined in the CIBA Core specs.
Regards
The Brazil CIBA spec defined the new AS metadata
backchannel_endpoint_login_hint_token_types_supported, but the permitted values, e.g.urn:brasil:openbanking:ciba:login-hint-token-type:opaquedo not appear to have their meaning explained and are not mentioned anywhere else in the document.