Rafiki: Rafiki (RS) <> Auth Server (AS) Integration: Access control and signing requests #15

matdehaast · 2022-09-12T11:58:48Z

Summary

Rafiki's Open Payments APIs require GNAP grants and corresponding signature-bound access tokens for authentication and authorization.

Intended Outcomes

All requests are access controlled and signed. This includes the following requests

client <> RS
RS <> AS
RS <> another RS

How will it work?

Rafiki validates token + signature on client requests
Rafiki self-provisions key(s)
Rafiki (optionally) signs introspection requests with said key(s)
Rafiki requests grants to access resources on other Rafiki instances (e.g. incoming payments)
Rafiki signs requests to other Rafiki instances

Links

matdehaast added the v1 label Sep 12, 2022

sabineschaller changed the title ~~Rafiki: Validate keys provided~~ Rafiki: Rafiki (RS) <> Auth Server (AS) Integration Sep 19, 2022

sabineschaller changed the title ~~Rafiki: Rafiki (RS) <> Auth Server (AS) Integration~~ Rafiki: Rafiki (RS) <> Auth Server (AS) Integration: Access control and signing requests Sep 19, 2022

sabineschaller closed this as completed Jan 11, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Rafiki: Rafiki (RS) <> Auth Server (AS) Integration: Access control and signing requests #15

Rafiki: Rafiki (RS) <> Auth Server (AS) Integration: Access control and signing requests #15

matdehaast commented Sep 12, 2022 •

edited by sabineschaller

Rafiki: Rafiki (RS) <> Auth Server (AS) Integration: Access control and signing requests #15

Rafiki: Rafiki (RS) <> Auth Server (AS) Integration: Access control and signing requests #15

Comments

matdehaast commented Sep 12, 2022 • edited by sabineschaller

Summary

Intended Outcomes

How will it work?

Links

matdehaast commented Sep 12, 2022 •

edited by sabineschaller