Danske (Private & Business) JWS issuer doesn't match well-known endpoint

Description

The id_token JWS returned by Danske's OB APIs contains an issuer that doesn't match the issuer specified by the respective well-known endpoints.

Danske private issuer: https://obp-api.danskebank.com/open-banking/private (as specified at https://obp-api.danskebank.com/open-banking/private/.well-known/openid-configuration)
Danske business issuer: https://obp-api.danskebank.com/open-banking/business (as specified at https://obp-api.danskebank.com/open-banking/business/.well-known/openid-configuration)

Technical Impact

JWS libraries report error when validating the id_token against the issuer specified in the well-known endpoint

Workaround

None

Resolution Notes

None

Impact Assessment

N/A

Status

Assignee

Unassigned

Reporter

Service Desk

Reference

None

Service Desk Reference

OBSD-12347

ASPSP

Query Type

None

Created (Original)

Nov 22, 2019, 4:15 PM

TPP Impact

None

Issue Summary

Danske (Private & Business) JWS issuer doesn't match well-known endpoint

OB Environment

None

Business Impact Severity

Level 3

Share

Yes
Configure