From 82036a08c04e6b6cb45e5f4a4a9186574af0c88e Mon Sep 17 00:00:00 2001
From: sebdewet <131855195+sebdewet@users.noreply.github.com>
Date: Tue, 26 Nov 2024 13:15:56 +0100
Subject: [PATCH 1/5] Update CAMARA-ICM-examples.md with CIBA examples
---
 documentation/CAMARA-ICM-examples.md | 52 ++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
diff --git a/documentation/CAMARA-ICM-examples.md b/documentation/CAMARA-ICM-examples.md
index a2b371f1..43b715b8 100644
--- a/documentation/CAMARA-ICM-examples.md
+++ b/documentation/CAMARA-ICM-examples.md
@@ -92,7 +92,59 @@ login_hint=tel%3A%2B34666666666 ``` +#### Successful response + +See [CIBA Successful Authentication Response](https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html#rfc.section.7.3) + +``` + HTTP/1.1 200 OK + Content-Type: application/json + Cache-Control: no-store + + { + "auth_req_id": "3f7b2e8a-9cde-4f3b-8b12-1a2b3c4d5e6f", + "expires_in": 120, + "interval": 2 + } +``` +The Client MUST keep the auth_req_id in order to use when making a token request in Poll mode. +Expires_in and interval can differ + +#### Access token request + +See [CIBA Token Request](https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html#rfc.section.10.1) +``` + POST /token HTTP/1.1 + Host: server.example.com + Content-Type: application/x-www-form-urlencoded + + grant_type=urn%3Aopenid%3Aparams%3Agrant-type%3Aciba& + auth_req_id=3f7b2e8a-9cde-4f3b-8b12-1a2b3c4d5e6f& + client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3A + client-assertion-type%3Ajwt-bearer& +client_assertion=eyJraWQiOiJzYW1wbGUxIiwibmFtZSI6IkV4YW1wbGUifQ.eyJpc3MiOiJ0ZXN0VXNlciIsInN1YiI6InRlc3RzdWJqZWN0IiwidXNlciI6Imh0dHBzOi8vYXBpLmV4YW1wbGUuY29tIiwianRpIjoiLV9wMTZqNkhjaVhvMzE3aHZaMzEyYyIsImlhdCI6MTYwMDAwMDAwMCwiZXhwIjoxNjAwMDAwNjAwfQ.abcD1234-56efG7hI8jK9lM0nPqRstUvwXYZ + +``` + +#### Successful response + +See [CIBA Successful Token Response](https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html#rfc.section.10.1.1) + +``` + + HTTP/1.1 200 OK + Content-Type: application/json + Cache-Control: no-store + + { + "access_token": "G5kXH2wHvUra0sHlDy1iTkDJgsgUO1bN", + "token_type": "Bearer", + "refresh_token": "4bwc0ESC_IAhflf-ACC_vjD_ltc11ne-8gFPfA2Kx16", + "expires_in": 120, + "id_token": 
"eyJhbGciOiJSUzI1NiIsImtpZCI6IjE2NzcyNyJ9.eyJpc3MiOiJodHRwczovL3NlcnZlci5leGFtcGxlLmNvbSIsInN1YiI6IjI0ODI4OTc2MTAwMiIsImF1ZCI6InM2QmhkUmtxdDMiLCJlbWFpbCI6Im1vY2tAZXhhbXBsZS5jb20iLCJleHAiOjE1Mzc4MTk4MDQsImlhdCI6MTUzNzgxOTUwNH0.bVq83mdy72ddIFVJLjlNBX-5JHbjmwK-Sn9Mir-blesfYMceIOw6u4GOrO_ZroDnnbJXNKWAg_dxVynvMHnk3uJc46feaRIL4zfHf6Anbf5_TbgMaVO8iczD16A5gNjSD7yenT5fslrrW-NU_vtmi0s1puoM4EmSaPXCR19vRJyWuStJiRHK5yc3BtBlQ2xwxH1iNP49rGAQe_LHfW1G74NY5DaPv-V23JXDNEIUTY-jT-NbbtNHAxnhNPyn8kcO2WOoeIwANO9BfLF1EFWtjGPPMj6kDVrikec47yK86HArGvsIIwk1uExynJIv_tgZGE0eZI7MtVb2UlCwDQrVlg" + } +``` From dc03365d3918922e9034be482871d4bcf0e0aa52 Mon Sep 17 00:00:00 2001 From: sebdewet <131855195+sebdewet@users.noreply.github.com> Date: Tue, 24 Dec 2024 13:55:01 +0100 Subject: [PATCH 2/5] Update documentation/CAMARA-ICM-examples.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Jesús Peña García-Oliva --- documentation/CAMARA-ICM-examples.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/documentation/CAMARA-ICM-examples.md b/documentation/CAMARA-ICM-examples.md index 43b715b8..8f1e1e6f 100644 --- a/documentation/CAMARA-ICM-examples.md +++ b/documentation/CAMARA-ICM-examples.md @@ -107,8 +107,8 @@ See [CIBA Successful Authentication Response](https://openid.net/specs/openid-cl "interval": 2 } ``` -The Client MUST keep the auth_req_id in order to use when making a token request in Poll mode. -Expires_in and interval can differ +The Client MUST keep the `auth_req_id` in order to use it when making a token request in Poll mode. +Please note that the values for `expires_in` and `interval` may differ. #### Access token request From 582ea08bfcb5346963dcd5f88342be6f896b108e Mon Sep 17 00:00:00 2001 
From: sebdewet <131855195+sebdewet@users.noreply.github.com> Date: Tue, 24 Dec 2024 14:26:04 +0100 Subject: [PATCH 3/5] Update CAMARA-ICM-examples.md --- documentation/CAMARA-ICM-examples.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/documentation/CAMARA-ICM-examples.md b/documentation/CAMARA-ICM-examples.md index 8f1e1e6f..f59779ab 100644 --- a/documentation/CAMARA-ICM-examples.md +++ b/documentation/CAMARA-ICM-examples.md @@ -83,12 +83,17 @@ Content-Type: application/json See [CIBA authentication request](https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html#rfc.section.7.1) ``` -POST /bc-authorize HTTP/1.1 + POST /bc-authorize HTTP/1.1 Host: server.example.com Content-Type: application/x-www-form-urlencoded -scope=openid%20dpv%3AFraudPreventionAndDetection%20sim-swap%3Acheck%20sim-swap%3Aretrieve-date& -login_hint=tel%3A%2B34666666666 + scope=openid%20dpv%3AFraudPreventionAndDetection%20sim-swap%3Acheck%20sim-swap%3Aretrieve-date& + client_notification_token=8d67dc78-7faa-4d41-aabd-67707b374255& + binding_message=W4SCT& + login_hint_token=tel%3A%2B34666666666& + client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3A + client-assertion-type%3Ajwt-bearer& +client_assertion=eyJraWQiOiJleGFtcGxlS2V5IiwibmFtZSI6IkpvaG4gRG9lIiwic3ViIjoiVXNlciIsImF1ZCI6Imh0dHBzOi8vZXhhbXBsZS5jb20iLCJpYXQiOjE2MzQ5MjM0NTYsImV4cCI6MTYzNDkyNzA1Nn0.eyJzdWIiOiJ1c2VyQGV4YW1wbGUuY29tIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNjM0OTIzNDU2fQ.5eym8q8q8q8q8q8q8q8q8q8q8q8q8q8q8q8q8q8q8q8q8q8q8q8q8q8q8q8q8q8q8q8q8q8q8q8q ``` From 2db0edd4e5aac55c87bff1daee9a83a6cfaa6117 Mon Sep 17 00:00:00 2001 From: sebdewet <131855195+sebdewet@users.noreply.github.com> Date: Tue, 24 Dec 2024 14:30:03 +0100 Subject: [PATCH 4/5] Update CAMARA-ICM-examples.md --- documentation/CAMARA-ICM-examples.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/documentation/CAMARA-ICM-examples.md b/documentation/CAMARA-ICM-examples.md index f59779ab..1e4a35e8 100644 --- a/documentation/CAMARA-ICM-examples.md +++ b/documentation/CAMARA-ICM-examples.md @@ -74,7 +74,7 @@ Content-Type: application/json "refresh_token": "8xLOxBtZp8", "expires_in": 3600, "id_token": "eyJhbGciOiJSUz....", - "scope": "dpv:FraudPreventionAndDetection sim-swap:check sim-swap:retrieve-date" + "scope": "dpv:FraudPreventionAndDetection sim-swap:retrieve-date" } ``` From 5ed432d7a11c643a6188a55963e428d934f0268e Mon Sep 17 00:00:00 2001 From: sebdewet <131855195+sebdewet@users.noreply.github.com> Date: Tue, 24 Dec 2024 14:33:05 +0100 Subject: [PATCH 5/5] Update CAMARA-ICM-examples.md --- documentation/CAMARA-ICM-examples.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/documentation/CAMARA-ICM-examples.md b/documentation/CAMARA-ICM-examples.md index 1e4a35e8..d120f4a5 100644 --- a/documentation/CAMARA-ICM-examples.md +++ b/documentation/CAMARA-ICM-examples.md @@ -77,6 +77,8 @@ Content-Type: application/json "scope": "dpv:FraudPreventionAndDetection sim-swap:retrieve-date" } ``` +In this example, scopes differs from the one defined in the /authorize. If scopes are identical in /authorize and in the successful response, parameter scope isn't returned. + #### CIBA authentication request with one purpose and two scopes