...
- shall support confidential clients;
- shall not support public clients;
- shall support user authentication at appropriate level as defined in PSD2 be that LoA 3 or 2 or other.
- shall require the `response_type` values `code` or `code id_token` or `code id_token token`;
- shall authenticate the confidential client at the Token Endpoint using one of the following methods:
  - TLS mutual authentication [MTLS] https://tools.ietf.org/idhtml/draft-ietf-oauth-mtls-02.xml05; or (Recommended)
  - client_secret_basic or client_secret_post provided the client identifier matches the client identifier bound to the underlying mutually authenticated TLS transport session; or (Allowed)
  - JWS Client Assertion using the client_secret or a private key as specified in section 9 of [OIDC]; (Recommended)
- shall issue an ID Token in the token response when `openid` was included in the requested `scope` as in Section 3.1.3.3 of OIDC with its `sub` value corresponding to the "Intent Ticket ID" and optional `acr` value in ID Token.
- may support refresh tokens.
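The `response_type` restriction and the binding rule for `client_secret_basic` / `client_secret_post` listed above, sketched as server-side checks. This is an added example, not code from the specification; the client registry, the function names and the `tls_client_id` argument (the client the server resolved from the verified TLS client certificate) are assumptions.

```python
import base64
import hmac
from urllib.parse import unquote_plus

# response_type values the profile permits. OAuth 2.0 treats the value as a
# space-delimited set, so the order of the individual values is not significant.
ALLOWED_RESPONSE_TYPES = ({"code"}, {"code", "id_token"}, {"code", "id_token", "token"})
# Constructed client registry for this example: client_id -> client_secret.
REGISTERED_SECRETS = {"tpp-123": "s3cr3t-constructed"}

def response_type_allowed(response_type):
    parts = response_type.split()
    return len(parts) == len(set(parts)) and set(parts) in ALLOWED_RESPONSE_TYPES

def claimed_credentials(auth_header, form):
    """Return (method, client_id, secret), or None if absent, malformed or ambiguous."""
    basic = bool(auth_header) and auth_header[:6].lower() == "basic "
    post = "client_secret" in form
    if basic == post:  # no secret at all, or two methods in one request
        return None
    if post:
        cid = form.get("client_id")
        return ("client_secret_post", cid, form["client_secret"]) if cid else None
    try:
        raw = base64.b64decode(auth_header[6:].strip(), validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    cid, sep, secret = raw.partition(":")
    if not sep:
        return None
    # RFC 6749 section 2.3.1: both parts are form-urlencoded before Base64.
    return "client_secret_basic", unquote_plus(cid), unquote_plus(secret)

def authenticate_secret_client(auth_header, form, tls_client_id):
    """tls_client_id is assumed to come from the TLS layer after it verified the
    client certificate; it is None when the session was not mutually authenticated."""
    creds = claimed_credentials(auth_header, form)
    if creds is None:
        return False, "no_or_ambiguous_credentials"
    method, client_id, secret = creds
    if tls_client_id is None:
        return False, "no_mutual_tls_session"
    if not hmac.compare_digest(client_id.encode(), tls_client_id.encode()):
        return False, "client_id_not_bound_to_tls_session"
    expected = REGISTERED_SECRETS.get(client_id)
    if expected is None or not hmac.compare_digest(secret.encode(), expected.encode()):
        return False, "bad_secret"
    return True, method
```

The binding check runs before the secret comparison, so a valid secret presented over another client's TLS session is rejected without being evaluated.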
...
1. The PISP can query for the status of a Payment-Submission by invoking the /payment-submissions endpoint with the known PaymentSubmissionId. This can use an existing access token with payments scope or the PISP can obtain a fresh access token by replaying the client credentials grant request as per Step 2 - Setup Single Payment Initiation.
Request: payment-submissions/{PaymentSubmissionId} | Response: payment-submissions
---|---
2. A PISP can also optionally query for the status of a Payment resource by invoking /payments/{PaymentId}. This can use an existing access token with payments scope or the PISP can obtain a fresh access token by replaying the client credentials grant request as per Step 2 - Setup Single Payment Initiation.
Account API Specification
...