HSBC Sandbox Dynamic Registration Error

Description

Hi - I've already logged this on the HSBC developer support site but they are ignoring it.

I'm not clear what the kid parameter of the JWT header should be. Usually it would be the key ID of the public signing certificate as per the JWK URI, but in the case of HSBC the certs / keys are not stored on the OB Sandbox Directory hence not listed on the JWK URI.

Alternative option is to use the OBWAC and OBSEAL keys / certs provided by the OB Sandbox Directory, but that returns a 401 error response.

So I've tested two different approaches with two different (failed) outcomes:

Scenario 1) Use WAC / SEAL created on HSBC Dev Portal, and assign kid = 'abc' (random value). This returns a JSON response (attached) which is possibly telling me how the request JWT should be structured? I've double checked my JWT against this structure and as far as I can tell they do match.

Scenario 2) Use WAC / SEAL created on OB Sandbox Dir, and assign kid = 'KZhULq6ARb0QFM0jWmFjKF-8ZPc' as per JWK URI. This creates the 401 error response.

I've attached the JWT and keys / certs for both scenarios, along with responses and WAC / SEALs.

Any help greatly appreciated.

Technical Impact

None

Workaround

None

Resolution Notes

None

Impact Assessment

None

Status

Assignee

Unassigned

Reporter

Service Desk

Reference

None

Service Desk Reference

OBSD-12281

ASPSP

Query Type

Certificate issues

Created (Original)

Nov 19, 2019, 5:55 PM

TPP Impact

None

Issue Summary

HSBC Sandbox Dynamic Registration Error

OB Environment

Directory Sandbox

Business Impact Severity

None

Share

Yes
Configure