wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0

When we send a malformed json as a request object the flow works where the user is directed upto consent screen #1721

Closed shavantha closed 3 years ago

shavantha commented 6 years ago

When we send a malformed JSON as a request object, the flow works and the user is directed up to the consent step.

Steps:

1. Encode the payload below as base64 without encoding the sections separately or adding the signature, and call the authorization endpoint.

JOSE header:

```json
{ "alg": "", "kid": "GxlIiwianVqsDuushgjE0OTUxOTk" }
```

Payload:

```json
{
  "aud": "https://api.alphanbank.com",
  "iss": "s6BhdRkqt3",
  "response_type": "code id_token",
  "client_id": "s6BhdRkqt3",
  "redirect_uri": "https://api.mytpp.com/cb",
  "scope": "openid payments accounts",
  "state": "af0ifjsldkj",
  "nonce": "n-0S6_WzA2Mj",
  "max_age": 86400,
  "claims": {
    "userinfo": {
      "openbanking_intent_id": {"value": "urn:alphabank:intent:58923", "essential": true}
    },
    "id_token": {
      "openbanking_intent_id": {"value": "urn:alphabank:intent:58923", "essential": true},
      "acr": {"essential": true, "values": ["urn:openbanking:psd2:sca", "urn:openbanking:psd2:ca"]}
    }
  }
}
```

2. Encode the above payload in full as one base64-encoded value. This is malformed because the signature part is not included, and the header and payload are not encoded separately. The request is as below [1].

[1] Malformed payload request

https://192.168.48.106:8243/AuthorizeAPI/v1.0.0/?response_type=code&client_id=qO1088fx_cqtghF7rNgppn3NVpQa&scope=payments&redirect_uri=http://openbanking.staging.wso2.com:9999/playground2&state=YWlzcDozMTQ2&request=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&nonce=n-0S6_WzA2Mj2

shavantha commented 6 years ago

Note: we need to update the client ID as per the application we are using.
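Added example (not code from the reporter or from WSO2 Identity Server): it reproduces the malformed construction described in the steps above (header and payload dumped as one blob and base64-encoded as a single value, no signature) and shows the structural checks an authorization endpoint should run on the `request` parameter before any consent step is reached. A request object is supposed to be a compact JWS (three base64url segments), so the malformed value must be rejected at parse time. The header/payload values are taken from the report (the `claims` block is omitted for brevity); the `allowed_algs` default, the dummy signature and the function names are assumptions for illustration. Real signature verification against the client's keys is out of scope here.

```python
import base64
import json

# Constructed sample data, copied from the report above (claims block dropped
# for brevity). kid, client_id and redirect_uri are the report's own values.
HEADER = {"alg": "", "kid": "GxlIiwianVqsDuushgjE0OTUxOTk"}
PAYLOAD = {
    "aud": "https://api.alphanbank.com",
    "iss": "s6BhdRkqt3",
    "response_type": "code id_token",
    "client_id": "s6BhdRkqt3",
    "redirect_uri": "https://api.mytpp.com/cb",
    "scope": "openid payments accounts",
    "state": "af0ifjsldkj",
    "nonce": "n-0S6_WzA2Mj",
    "max_age": 86400,
}


def b64url(data: bytes) -> str:
    """base64url without padding, as JWS compact serialization requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(seg: str) -> bytes:
    """Reverse of b64url; raises ValueError (binascii.Error) on bad input."""
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))


def build_malformed_request_object(header: dict, payload: dict) -> str:
    """The reporter's construction: header and payload serialized as one text
    blob and base64-encoded as a single value, with no signature segment."""
    blob = json.dumps(header) + " . " + json.dumps(payload)
    return base64.b64encode(blob.encode()).decode("ascii")


def compact_serialize(header: dict, payload: dict, signature: str) -> str:
    """Three-segment JWS shape. `signature` is passed in already base64url
    encoded; an empty string yields a trailing dot (unsigned)."""
    return (b64url(json.dumps(header).encode()) + "."
            + b64url(json.dumps(payload).encode()) + "." + signature)


def validate_request_object(request: str, expected_client_id: str,
                            allowed_algs=("PS256", "RS256", "ES256")):
    """Structural checks to run before the flow proceeds. Returns (ok, reason).
    Anything that fails here must end the authorization request with an
    invalid_request_object error, never reach login or consent."""
    parts = request.split(".")
    if len(parts) != 3:
        return False, "not a compact JWS (expected header.payload.signature)"
    try:
        header = json.loads(b64url_decode(parts[0]))
        payload = json.loads(b64url_decode(parts[1]))
    except ValueError:  # covers binascii.Error, JSONDecodeError, bad UTF-8
        return False, "header/payload not base64url-encoded JSON"
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return False, "header/payload not JSON objects"
    alg = header.get("alg")
    if alg not in allowed_algs:  # rejects "", None, "none" and unlisted algs
        return False, f"alg {alg!r} not permitted"
    if not parts[2]:
        return False, "missing signature"
    if payload.get("client_id") != expected_client_id:
        return False, "client_id in request object does not match request"
    return True, "structurally valid; verify signature with client keys next"


if __name__ == "__main__":
    cid = PAYLOAD["client_id"]
    print(validate_request_object(build_malformed_request_object(HEADER, PAYLOAD), cid))
    print(validate_request_object(compact_serialize(HEADER, PAYLOAD, ""), cid))
    # Assumed well-shaped value with a dummy (unverified) signature segment.
    good = compact_serialize({"alg": "RS256", "kid": HEADER["kid"]}, PAYLOAD, "ZHVtbXk")
    print(validate_request_object(good, cid))
```

The first two cases are the ones this issue is about: a single opaque base64 value and an unsigned three-segment value both fail before any user interaction, the first on shape, the second on the empty `alg`. Only the third proceeds to the (separate) signature check.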