OpenBankingToolkit / cdr-standards-application-services

ForgeRock Consumer Data Right Standards Application Services is an example of how you can bundle all the micro-services together to create a CDR eco-system.

SSA should contain the correct fields #13

Open benjefferies opened 4 years ago

benjefferies commented 4 years ago

Description

The SSA from the directory for CDR should look like the below.

| Claim | Required | Description |
|---|---|---|
| iss | Required | MUST contain an iss (issuer) claim denoting the party attesting to the claims in the software statement. Value: "cdr-register" |
| iat | Required | Issued at time claim |
| exp | Required | Expiration Time claim |
| jti | Required | JWT ID claim |
| org_id | Required | A unique identifier string assigned by the CDR Register that identifies the Accredited Data Recipient Brand |
| org_name | Required | Human-readable string name of the Accredited Data Recipient Brand to be presented to the end user during authorization |
| client_name | Required | Human-readable string name of the software product to be presented to the end-user during authorization |
| client_description | Required | Human-readable string name of the software product description to be presented to the end user during authorization |
| client_uri | Required | URL string of a web page providing information about the client |
| redirect_uris | Required | Array of redirection URI strings for use in redirect-based flows |
| logo_uri | Required | URL string that references a logo for the client. If present, the server SHOULD display this image to the end-user during approval |
| tos_uri | Optional | URL string that points to a human-readable terms of service document for the Software Product |
| policy_uri | Optional | URL string that points to a human-readable policy document for the Software Product |
| jwks_uri | Required | URL string referencing the client's JSON Web Key (JWK) Set [RFC7517] document, which contains the client's public keys |
| revocation_uri | Required | URI string that references the location of the Software Product consent revocation endpoint as per https://consumerdatastandardsaustralia.github.io/standards/#end-points |
| software_id | Required | String representing a unique identifier assigned by the ACCC Register and used by registration endpoints to identify the software product to be dynamically registered. The "software_id" will remain the same across multiple updates or versions of the same piece of software. The software_id should be used as the primary external identifier for the client to prevent duplicate client registrations |
| software_roles | Required | String containing a role of the software in the CDR Regime. Initially the only value used will be “data-recipient-software-product” |
| scope | Required | String containing a space-separated list of scope values that the client can use when requesting access tokens. These CDS scope values are defined at: https://consumerdatastandardsaustralia.github.io/standards/#authorisation-scopes The DCR scope value is defined at: Client Registration Management |

Acceptance criteria
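A claim-level check for the SSA fields listed in the table above, as an added example that is not part of the issue or the project's own code. It assumes the SSA signature has already been verified against the Register's keys; the function names, the sample values, and the expiry and URL-shape checks are assumptions made for illustration.

```python
import base64
import json
import time
from urllib.parse import urlparse

# Claim names and Required/Optional status are taken from the table in the issue.
REQUIRED = ("iss iat exp jti org_id org_name client_name client_description client_uri "
            "redirect_uris logo_uri jwks_uri revocation_uri software_id software_roles scope").split()
URL_CLAIMS = "client_uri logo_uri tos_uri policy_uri jwks_uri revocation_uri".split()
ROLE = "data-recipient-software-product"

def decode_payload(ssa_jwt):
    """Decode the claims of a compact JWS. Does NOT verify the signature."""
    parts = ssa_jwt.split(".")
    if len(parts) != 3:
        raise ValueError("SSA is not a three-part compact JWS")
    return json.loads(base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4)))

def is_url(value):
    """True for a string that has both a scheme and a host."""
    parsed = urlparse(value) if isinstance(value, str) else None
    return bool(parsed and parsed.scheme and parsed.netloc)

def check_ssa_claims(claims, now=None):
    """Return a list of problems; an empty list means the claims match the table."""
    now = time.time() if now is None else now
    problems = ["missing required claim: " + c for c in REQUIRED if c not in claims]
    if "iss" in claims and claims["iss"] != "cdr-register":
        problems.append("iss must be 'cdr-register'")
    exp = claims.get("exp")
    if isinstance(exp, (int, float)) and exp <= now:
        problems.append("SSA has expired")
    for name in URL_CLAIMS:  # optional tos_uri/policy_uri are checked only if present
        if name in claims and not is_url(claims[name]):
            problems.append(name + " is not a URL string")
    uris = claims.get("redirect_uris")
    if uris is not None and not (isinstance(uris, list) and all(map(is_url, uris))):
        problems.append("redirect_uris must be an array of URI strings")
    if claims.get("software_roles", ROLE) != ROLE:
        problems.append("unexpected software_roles value")
    return problems

# Constructed sample claims (placeholder values, not a real Register SSA).
SAMPLE = dict({c: "https://adr.example/" + c for c in URL_CLAIMS},
              iss="cdr-register", iat=1700000000, exp=1700000600, jti="constructed-jti-1",
              org_id="constructed-org", org_name="Example ADR", client_name="Example App",
              client_description="Constructed example", software_id="constructed-sw",
              redirect_uris=["https://adr.example/cb"], software_roles=ROLE, scope="openid")
```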