Info | ||
---|---|---|
| ||
The MASTER location for this profile is located here: https://bitbucket.org/openid/obuk/src/4630771db004da59992fb201641f5c4ff2c881f1/uk-openbanking-registration-profile.md?at=master&fileviewer=file-view-default Version Control is located here: https://bitbucket.org/openid/obuk/commits/all Git Commit Reference: 46307718-12-17 - 4630771 All changes are tracked as GIT commits for 100% transparency and visibility. Ideally comments, issues and pull requests will raised against the OIDF git repository however comments raised below as comments or on feedback pages will be responded too and incorporated during a transition period. |
...
Version | Date | Author | Comments |
---|---|---|---|
v0.9.0 |
| Ralph Bragg | Initial draft for internal review |
v1.0.0-rc1 |
| Ralph Bragg | For review |
v1.0.0-rc2 | Ralph Bragg (Unlicensed) | Updated to amend "organisation_competent_authority_claims" from an array to an object, so that it matches the Open Banking Directory implementation as approved by TDA on |
Introduction
This specification defines two mechanisms by which a Primary Technical Contact (PTC) for a Trusted Third Party (TPP) may submit a Software Statement Assertion (SSA) to an Account Servicing Payment Services Provider (ASPSP) for the purposes of receiving a client credential enabling access to UK OpenBanking APIs on behalf of ASPSP Customers. The automated mechanism profiles [RFC7591]. The manual mechanism uses web single sign-on for secure access by the PTC to a portal operated by the ASPSP that is based on the original PTC credentials used to generate the SSA.
...
The TPP MAY specify a JSON array of [RFC3986] compliant redirect URIs in the request using the redirect_uris metadata element. Every value in the redirect_uris JSON array MUST adhere to the following rules: * The URI MUST use the https scheme * The URI MUST NOT contain a host with a value of localhost * The URI MUST exactly match a URI within the software_redirect_uris element of the SSA as described in Section 6.2.1 of [RFC3986] (Simple String Comparison). If the request_uris metadata element is omitted from the request, the entire contents of the software_redirect_uris element in the SSA are considered to be requested by the TPP.
Example Request
POST /register HTTP/1.1 Content-Type: application/jwt Accept: application/json Host: auth.bankone.com eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJJREFtYXpvbiIsImlhdCI6MTQ5OTgwNTg0OCwiZXhwIjoxNTMxMzQxODQ4LCJhdWQiOiJodHRwczovL2F1dGhuLmxsb3lkc2JhbmsuY29tIiwic3ViIjoiaHR0cHM6Ly9hdXRobi5sbG95ZHNiYW5rLmNvbSIsImNsaWVudF9pZCI6IklEQW1hem9uMSIsInNvZnR3YXJlX3N0YXRlbWVudCI6ImV5SjBlWEFpT2lKS1YxUWlMQ0poYkdjaU9pSklVekkxTmlKOS5leUpwYzNNaU9pSlBjR1Z1UW1GdWEybHVaeUlzSW1saGRDSTZNVFE1T1Rnd05UZzBPQ3dpWlhod0lqb3hOVE14TXpReE9EUTRMQ0poZFdRaU9pSkZlR0Z0Y0d4bElGUlFVQ0lzSW5OMVlpSTZJa1Y0WVcxd2JHVWdWRkJRSWl3aVQySlVVRkJKWkNJNklrbEVRVzFoZW05dUlpd2lUMkpVVUZCU2IyeGxJam9pVUVsVFVDSjkuUnJydEpYbmZmSzVjOHJJeEczUm93QXNRZWNlSDNvWlFXTWJwZ0hENzhPOCJ9.VRckIjwgB9ahNTPK6GcDzCfqbU9mkvoOu-B_2jHdKzs
Example Decoded Registration Request (Non Normative JWT decoded For Illustration)
POST /register HTTP/1.1 Content-Type: application/jwt Accept: application/json Host: authn.lloyds.co.uk { "typ": "JWT", "alg": "ES256", "kid": "ABCD1234" } { "iss": "Amazon TPPID", "iat": 1492760444, "exp": 1524296444, "aud": "https://authn.lloyds.co.uk", "scope": "openid makepayment", "token_endpoint_auth_method": "private_key_jwt", "grant_types": ["authorization_code", "refresh_token", "client_credentials"], "response_types": ["code"], "id_token_signed_response_alg": "ES256", "request_object_signing_alg": "ES256", "software_id": "65d1f27c-4aea-4549-9c21-60e495a7a86f", "software_statement": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJpc3MiOiJPcGVuQmFua2luZyBMdGQiLCJpYXQiOjE0OTI3NTYzMzEsImV4cCI6MTQ5Mjc1NzU1MCwiYXVkIjoiT3BlbkJhbmtpbmcgVFBQIFVuaXF1ZSBJRCIsInN1YiI6Ik9wZW5CYW5raW5nIFRQUCBTb2Z0d2FyZSBVbmlxdWUgSUQiLCJjbGllbnRfbmFtZSI6IkFtYXpvbiBQcmltZSBMdGQiLCJjbGllbnRfdXJpIjoiaHR0cHM6Ly9wcmltZS5hbWF6b24uY29tIiwidHBwX3NvZnR3YXJlX2lkIjoiT3BlbkJhbmtpbmcgVFBQIFNvZnR3YXJlIFVuaXF1ZSBJRCIsInRwcF9zb2Z0d2FyZV9yb2xlcyI6WyJQSVNQIiwiQUlTUCJdLCJ0cHBfcm9sZXMiOlsiUElTUCIsIkFJU1AiLCJQSUlTUCJdLCJ0cHBfaWQiOiJPcGVuQmFua2luZyBUUFAgVW5pcXVlIElEIiwidHBwX25hbWUiOiJPcGVuQmFua2luZyBUUFAgUmVnaXN0ZXJlZCBOYW1lIiwidHBwX2NvbXBldGVudF9hdXRob3JpdHkiOiJPcGVuQmFua2luZyBUUFAgUmVnaXN0ZXJlZCBDb21wZXRlbnQgQXV0aG9yaXR5IiwidHBwX2NvbXBldGVudF9hdXRob3JpdHlfaWQiOiJPcGVuQmFua2luZyBUUFAgUmVnaXN0ZXJlZCBBdXRob3JpdHkgSUQiLCJ0cHBfcHRjX25hbWUiOiJPcGVuQmFua2luZyBUUFAgUmVnaXN0ZXJlZCBQcmltYXJ5IFRlY2huaWNhbCBDb250YWN0IE5hbWUiLCJ0cHBfcHRjX2VtYWlsIjoiT3BlbkJhbmtpbmcgVFBQIFJlZ2lzdGVyZWQgUHJpbWFyeSBUZWNobmljYWwgQ29udGFjdCBFbWFpbCIsInRwcF9qd2tzX2VuZHBvaW50IjoiaHR0cHM6Ly9qd2tzLm9wZW5iYW5raW5nLm9yZy51ay90cHBfaWQuamt3cyJ9.dtWXOW7uAc-jM_-wZNyNvN3dkgd4yV6KkdS_6rbNRUBD15_rWO1FARF7WcjFmSvlZZrT-njf9CmJKbhl7DuXIw" } { Signature }
...