New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix documentation defect for CDR Arrangement JWT method #503
Comments
This documentation fix will be targeted for v1.17.0 release. A staged change will be published this week. If there is any feedback in regards to this item we'd welcome feedback this week. |
This change has been staged for review: ConsumerDataStandardsAustralia/standards-staging@release/1.17.0...maintenance/503 |
Just to be very clear here. The only thing required in the JWT signed payload is the How is the JWT in the payload binded to the Holder and client assertion making the call? Does the JWT that is received via It seems without more required fields in the posted payload that there is now a deeper binding between the Bearer token and the information being conveyed. |
Hi @perlboy, the CDR Arrangement ID must include the parameters in accordance to the Self-Signed JWT Client Authentication section as they apply to Data Holders calling Data Recipients (specifically
This would also include fixing the non-normative example to show the other required claims in the example. Would this proposal better articulate the requirements, or do you have an alternative suggestion for expressing these requirements? This change can be updated in the staged code change. |
The staged change has been updated to reflect the above content: ConsumerDataStandardsAustralia/standards-staging@release/1.17.0...maintenance/503 Note: the bullet point "All parameters required by Data Holders calling Data Recipients using Self-Signed JWT Client Authentication." has been modified to read "All parameters in accordance with Data Holders calling Data Recipients using Self-Signed JWT Client Authentication." because the referenced section includes optional parameters which may be included. |
Description
A merge issue in v1.15.0 meant that the documentation for the CDR Arrangement Form Parameter method and CDR Arrangement JWT method were not correctly incorporated. The staged change as recommended in #426 included provisions for the CDR Arrangement JWT method for the Data Recipient hosted CDR Arrangement Revocation Endpoint.
Area Affected
CDR Arrangement Revocation End Point
Change Proposed
This change corrects the merge issue to correct the documentation as follows:
CDR Arrangement Form Parameter method
The request MUST include the following parameters using the
application/x-www-form-urlencoded
format in the HTTP request entity-body:cdr_arrangement_id
: The ID of the arrangement that the client wants to revoke.CDR Arrangement JWT method
The request MUST include the following parameters using the
application/x-www-form-urlencoded
format in the HTTP request entity-body:cdr_arrangement_jwt
: A signed JWT that includes thecdr_arrangement_id
.The
cdr_arrangement_jwt
MUST be a newly signed JWT with the following parameters in accordance with [JWT]:cdr_arrangement_id
: The ID of the arrangement that the client wants to revoke.The text was updated successfully, but these errors were encountered: