The OBIE R/W API specification (in v3.0, 3.1, 3.1.1, 3.1.2 and 3.1.3) requires both TPPs and ASPSPs to sign all payment messages using JSON Web Signatures (JWS). Non-repudiation requirements are met through the use of a number of extensions, including RFC 7797. The OBIE specification makes use of the "b64" header parameter and currently enforces the following:
The b64 claim (defined in https://tools.ietf.org/html/rfc7797#section-3) controls whether the message is base64url-encoded before signing. Unfortunately, a number of JWS libraries do not correctly implement support for the b64 claim, resulting in incorrect signature generation and validation by any ASPSP or TPP that uses these libraries.
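The following is an added example, not code from the OBIE specification or from any JWS library. It shows how the b64 value changes the bytes that are signed and why a verifier that ignores it rejects a valid signature. Assumptions: HS256 stands in for an asymmetric algorithm so the block needs only the standard library, the detached compact form (header..signature) is used, and the key, payload and function names are constructed for illustration.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"              # constructed sample key
PAYLOAD = b'{"Data":{"Amount":"10.00"}}'   # constructed sample message body

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def signing_input(protected: str, payload: bytes, b64: bool) -> bytes:
    # b64=true (the RFC 7515 default): payload is base64url-encoded first.
    # b64=false (RFC 7797): the raw payload octets are signed as they are.
    body = b64url(payload).encode("ascii") if b64 else payload
    return protected.encode("ascii") + b"." + body

def _mac(protected: str, payload: bytes, key: bytes, b64: bool) -> bytes:
    data = signing_input(protected, payload, b64)
    return hmac.new(key, data, hashlib.sha256).digest()

def sign_detached(payload: bytes, key: bytes, b64: bool) -> str:
    header = {"alg": "HS256"}
    if not b64:
        header.update({"b64": False, "crit": ["b64"]})
    protected = b64url(json.dumps(header, separators=(",", ":")).encode())
    # Detached form: the payload segment between the dots is left empty.
    return protected + ".." + b64url(_mac(protected, payload, key, b64))

def verify_detached(jws: str, payload: bytes, key: bytes,
                    honour_b64: bool = True) -> bool:
    parts = jws.split(".")
    if len(parts) != 3 or parts[1]:
        return False
    protected, _, sig = parts
    header = json.loads(b64url_decode(protected))
    if header.get("alg") != "HS256":
        return False
    b64 = header.get("b64", True)
    if honour_b64:
        # Policy assumed here: "b64" must be a boolean, and when it is
        # false it must also be listed in "crit".
        if not isinstance(b64, bool):
            return False
        if b64 is False and "b64" not in header.get("crit", []):
            return False
    else:
        b64 = True  # models a library that ignores the header parameter
    return hmac.compare_digest(_mac(protected, payload, key, b64),
                               b64url_decode(sig))
```

Calling verify_detached with honour_b64=False on a signature produced with b64 set to false reproduces the interoperability failure described above: the signature is valid, but the verifier rebuilds the wrong signing input and rejects it.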