
...

  1. Shall rely on ecosystem discovery services provided by the Trust Framework only.

  2. Shall derive necessary Authorisation Server metadata by relying on an Authorisation Server's OpenID Connect Discovery services only.

  3. Shall obtain the information about the Resource Server endpoints using the Trust Framework Participants endpoint, available at https://data.directory.openfinance.ae/participants

  4. Shall use endpoints advertised in the authorization server's mtls_endpoint_aliases metadata object, as per clause 5 of RFC 8705, OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens.
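
The endpoint selection that requirements 2 and 4 describe, as an added example that is not part of the original page: it checks the issuer of a discovery document and then prefers each `mtls_endpoint_aliases` entry over the top-level endpoint of the same name. `AS_DOC`, its hostnames and the function name are constructed for illustration, and the https-only check is an added assumption.

```python
# Added example. AS_DOC is a constructed discovery document; hostnames are hypothetical.
AS_DOC = {
    "issuer": "https://as.example.test",
    "authorization_endpoint": "https://as.example.test/auth",
    "token_endpoint": "https://as.example.test/token",
    "pushed_authorization_request_endpoint": "https://as.example.test/par",
    "mtls_endpoint_aliases": {
        "token_endpoint": "https://mtls.as.example.test/token",
        "pushed_authorization_request_endpoint": "https://mtls.as.example.test/par",
    },
}


def client_endpoints(expected_issuer, doc, use_mtls_endpoint_aliases=True):
    """Map endpoint name -> URL the client must call, or raise ValueError."""
    # OpenID Connect Discovery: the issuer in the document must be identical
    # to the issuer the document was requested for.
    if doc.get("issuer") != expected_issuer:
        raise ValueError("issuer in discovery document does not match")
    aliases = doc.get("mtls_endpoint_aliases", {})
    if not isinstance(aliases, dict):
        raise ValueError("mtls_endpoint_aliases must be a JSON object")
    if not use_mtls_endpoint_aliases:
        aliases = {}
    names = {k for k in doc if k.endswith("_endpoint")} | set(aliases)
    resolved = {}
    for name in sorted(names):
        # RFC 8705 section 5: an alias, when present, is used in preference to
        # the top-level endpoint; endpoints without an alias are unchanged.
        url = aliases.get(name, doc.get(name))
        if not isinstance(url, str) or not url.startswith("https://"):
            raise ValueError(f"{name} is not an https URL")
        resolved[name] = url
    return resolved
```

The `authorization_endpoint` has no alias in the sample, so it resolves to the top-level URL while the token and PAR endpoints resolve to their mTLS aliases.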

...

| Attributes | Type | Description | How is it Managed |
|---|---|---|---|
| client_id | uri | A unique identifier assigned by the authorization server to the client application upon registration. For the OIDC Federation Standard with Automatic Registration, the client_id must be equal to the Federation Entity Identifier. | Trust Framework |
| client_name | string | A human-readable name of the client application. | Participant |
| client_uri | uri | URL of the client application, providing information about the client. For the OIDC Federation Standard with Automatic Registration, the client URI must be equal to the Federation Entity Identifier. | Trust Framework |
| client_description | string | A brief description of the client application. | Participant |
| grant_types | array of strings | The list of OAuth 2.0 grant types that the client is allowed to use for obtaining tokens, such as authorization_code, client_credentials, and others. | Regulatory Roles |
| jwks_uri | uri | URI for the Client's JSON Web Key Set Document, which contains the client's public keys. For the CBUAE Ecosystem, the Key Sets are hosted by the Trust Framework. | Trust Framework |
| logo_uri | uri | URI of the Client Application Logo Image. | Participant |
| scope | string | A space-delimited list of scopes that the client application is allowed to request. | Regulatory Roles |
| redirect_uris | array of strings | An array containing all the redirect_uris that can be passed by the Client on the Authorization Request Object. This URI is used to redirect the user back to the Client once the data consumption consent is granted/denied. | Participant |
| sector_identifier_uri | uri | URI of a JSON document containing an array of redirect_uris. | Trust Framework |
| subject_type | string | Specifies the subject_type that can be requested by the Client. For the CBUAE Ecosystem, Public is centrally defined. | Trust Framework |
| software_version | number | Version of the Client Application. | Participant |
| software_id | UUID | The Unique Identifier of the Client as defined on the Trust Framework upon its creation. | Trust Framework |
| organisation_id | UUID | The Unique Identifier of the Organization that the client belongs to, as defined on the Trust Framework upon the organization being onboarded. | Trust Framework |
| response_types | array of strings | Specifies the `response_types` that can be requested by the client. For the CBUAE Open Finance Ecosystem, as FAPI 2.0 is used, only a response of the code type is permitted. | Regulatory Roles |
| claims | array of strings | A list of strings representing the claims that the Client can request to be included as part of the ID token. | Regulatory Roles |
| status | string | The current status of the Client on the Trust Framework. One of: Active, Inactive, or Suspended. | Trust Framework/Participant |
| use_mtls_endpoint_aliases | Boolean | Defines if the Client is required to use the endpoints defined under the Authorisation Server Discovery Document mtls_endpoint_aliases attribute, or if it can use the endpoints defined on the top level of the Document. | Trust Framework |
| token_endpoint_auth_method | string | Defines which OAuth Client Authentication Methods the Client can use. For the CBUAE Open Finance Ecosystem, only the private_key_jwt client authentication method is permitted since FAPI 2.0 is used. | Trust Framework |
| authorization_details_types | array of strings | Defines which authorization_detail types can be sent by the Client on the Authorization Requests. | Regulatory Roles |

...

```json
{
  "authority_hints": [
    "https://federation.sandbox.raidiam.io/federation_entity/221a1d6c-2ab2-4b43-9baf-dd8dbda5047b"
  ],
  "exp": 1709686928,
  "iat": 1709683328,
  "iss": "https://rp.sandbox.raidiam.io/openid_relying_party/703ec16c-b1c6-479c-b01b-cbb29ba78579",
  "jwks": {
    "keys": [
      {
        "e": "AQAB",
        "n": "i6tLgmVIaFgGz9oW3AnjeOi1LG0XxnJEwWgbo5HN0KcncscvUPKAfs3LqidvTemlXvjx0gGgSbQEeh8Hz8ZzTLMrFrugzCOZkGgPhIhS4TfrdgVZDUEjf2scFYSHBUj96GTtwzZ4ojJyEiQZq6TSIr_JCNE0L2QtI5jQEiVg032KA7K2ybQQCuV0v_5zcKL37xgxxl2Et554I45Z3mOZT5E3y6VX5q-hUQlwbOr_Lpg2huBkxxvuQWeuKSZ03CkazUrP7kk7w_2tVxD_ggv8QhoihPhpmI5_ytOLWgl5Pabdfcko_HwgNMoigmBSLYjwHuhF1XO4eZPkGzIajahNxw",
        "kty": "RSA",
        "kid": "mrk-093eca7d9865403fa9e9175e609541b5"
      }
    ]
  },
  "metadata": {
    "openid_relying_party": {
      "client_id": "https://rp.sandbox.raidiam.io/openid_relying_party/703ec16c-b1c6-479c-b01b-cbb29ba78579",
      "client_name": "Web Channel Application",
      "client_uri": "https://www.raidiam.com",
      "client_description": "This is the Description for the My Bank Conglomerate Web Channel Client",
      "client_registration_types": [
        "automatic"
      ],
      "claims": [
        "example"
      ],
      "grant_types": [
        "client_credentials",
        "refresh_token",
        "authorization_code",
        "implicit"
      ],
      "jwks_uri": "https://keystore.sandbox.raidiam.io/d46bd24f-cc59-48c6-935a-a7724d1ab4d6/703ec16c-b1c6-479c-b01b-cbb29ba78579/application.jwks",
      "logo_uri": "https://www.sweetbank.com/file.jpg",
      "organisation_name": "My Bank Conglomerate",
      "policy_uri": "https://www.policy.com",
      "redirect_uris": [
        "https://www.callback.com"
      ],
      "require_signed_request_object": true,
      "response_types": [
        "code"
      ],
      "scope": "accounts credit-cards loans",
      "status": "Active",
      "use_mtls_endpoint_aliases": true,
      "token_endpoint_auth_method": "private_key_jwt",
      "authorization_details_types": [
        "urn:openfinanceuae:service-initiation-consent:*",
        "urn:openfinanceuae:account-access-consent:*"
      ],
      "sector_identifier_uri": "https://keystore.sandbox.raidiam.io/d46bd24f-cc59-48c6-935a-a7724d1ab4d6/703ec16c-b1c6-479c-b01b-cbb29ba78579/redirect_uris.json",
      "software_id": "703ec16c-b1c6-479c-b01b-cbb29ba78579",
      "software_version": "1.00",
      "subject_type": "public",
      "tos_uri": "https://www.tos.com",
      "organisation_id": "d46bd24f-cc59-48c6-935a-a7724d1ab4d6"
    }
  },
  "sub": "https://rp.sandbox.raidiam.io/openid_relying_party/703ec16c-b1c6-479c-b01b-cbb29ba78579"
}
```
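
A check an Authorisation Server could run over the `openid_relying_party` metadata of a statement like the one above, using the fixed values from the attribute table. This is an added example, not part of the original page: the function names, sample identifiers and the choice to reject any status other than Active are assumptions, and the statement's signature is assumed to be verified already.

```python
import copy

# Constructed sample; the entity identifier and redirect URI are hypothetical.
ENTITY_ID = "https://rp.example.test/openid_relying_party/00000000-0000-4000-8000-000000000001"
GOOD = {
    "sub": ENTITY_ID,
    "metadata": {"openid_relying_party": {
        "client_id": ENTITY_ID,
        "redirect_uris": ["https://tpp.example.test/cb"],
        "response_types": ["code"],
        "token_endpoint_auth_method": "private_key_jwt",
        "subject_type": "public",
        "status": "Active",
    }},
}

# Values the attribute table fixes for the ecosystem. Requiring "Active" is an
# assumption of this example; the table only lists the possible statuses.
FIXED = {
    "token_endpoint_auth_method": "private_key_jwt",
    "subject_type": "public",
    "status": "Active",
}


def check_rp_metadata(statement, requested_redirect_uri):
    """Return a list of rule violations; an empty list means acceptable."""
    rp = statement.get("metadata", {}).get("openid_relying_party", {})
    problems = []
    entity_id = statement.get("sub")  # Federation Entity Identifier of the client
    if not entity_id or rp.get("client_id") != entity_id:
        problems.append("client_id != Federation Entity Identifier")
    if rp.get("response_types") != ["code"]:
        problems.append("response_types must be exactly ['code']")
    for key, required in FIXED.items():
        if rp.get(key) != required:
            problems.append(f"{key} must be {required!r}")
    # Exact match against a list: a bare string would allow substring matches.
    uris = rp.get("redirect_uris")
    if not isinstance(uris, list) or requested_redirect_uri not in uris:
        problems.append("redirect_uri not registered")
    return problems


def tampered_sample():
    bad = copy.deepcopy(GOOD)
    bad["metadata"]["openid_relying_party"].update(
        client_id="https://other.example.test", response_types=["code", "token"], status="Suspended")
    return bad
```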

...

```json
[
  {
    "client_description": "This is the Description for the Raidiam Client",
    "client_name": "TestClient",
    "client_uri": "https://www.raidiam.com",
    "redirect_uris": [
      "https://www.redirect.com"
    ],
    "grant_types": [
      "client_credentials",
      "refresh_token",
      "authorization_code",
      "implicit"
    ],
    "logo_uri": "https://www.raidiam.com/logo.png",
    "scope": "accounts credit-cards loans",
    "jwks_uri": "https://keystore.sandbox.raidiam.io/d46bd24f-cc59-48c6-935a-a7724d1ab4d6/703ec16c-b1c6-479c-b01b-cbb29ba78579/application.jwks",
    "software_id": "4d8d5aed-2c1c-428a-b0b3-8069b6b3c69e",
    "software_version": 1.00,
    "client_id": "https://rp.sandbox.raidiam.io/openid_relying_party/703ec16c-b1c6-479c-b01b-cbb29ba78579",
    "subject_type": "public",
    "sector_identifier_uri": "https://keystore.sandbox.directory.openbankingbrasil.org.br/b961c4eb-509d-4edf-afeb-35642b38185d/4d8d5aed-2c1c-428a-b0b3-8069b6b3c69e/redirect_uris.json",
    "status": "Active",
    "organisation_id": "b961c4eb-509d-4edf-afeb-35642b38185d",
    "use_mtls_endpoint_aliases": true,
    "token_endpoint_auth_method": "private_key_jwt",
    "authorization_details_types": [
      "urn:openfinanceuae:service-initiation-consent:*",
      "urn:openfinanceuae:account-access-consent:*"
    ],
    "last_updated": "2023-02-28T12:18:13.936Z"
  }
]
```

...