Info |
---|
This is available only as a WUM update and is effective from July 2, 2019 (07-02-2019). For more information on updating WSO2 Open Banking, see Updating WSO2 Products. |
...
According to the OBIE, Account Servicing Payment Service Providers (ASPSPs) need to make sure that TPPs can be registered through a seamless and, ideally, fully automated process. To avoid obstacles, the OBIE requires ASPSPs to respond to TPPs in real time once the registration is processed. The Dynamic Client Registration (DCR) endpoint dynamically registers a client with the ASPSP when the client sends a registration request with its metadata. The registration response includes a client identifier and the client metadata values registered for the client.
...
Updating open-banking.xml
- Open the <WSO2_OB_APIM_HOME>/repository/conf/finance/open-banking.xml file. Add the <UseSoftwareIdAsApplicationName> property under the <DCR> tag and set it to true.
Setting this property to true ensures that the SoftwareId in the Software Statement Assertion is used as the application name.
Code Block |
---|
|
<DCR>
<UseSoftwareIdAsApplicationName>true</UseSoftwareIdAsApplicationName>
</DCR> |
To validate the JTI claims in the DCR request JWT and the SSA, add the following configurations under the <UK><DCR> tags:
Info |
---|
This is available only as a WUM update and is effective from March 03, 2019 (03-03-2019). For more information on updating WSO2 Open Banking, see Updating WSO2 Products. |
Code Block |
---|
|
<UK>
<DCR>
<EnableRequestJtiValidation>true</EnableRequestJtiValidation>
<EnableSsaJtiValidation>true</EnableSsaJtiValidation>
<JtiCacheExpiryTime>60</JtiCacheExpiryTime>
</DCR>
</UK> |
Updating api-manager.xml
To store any properties retrieved from the SSA, add the server-level configuration to the <OB_APIM_HOME>/repository/conf/api-manager.xml
file as explained here . Ideally, place the following ApplicationConfiguration at the end of the file within the APIManager element.
For example, to store the software_client_id retrieved from an SSA created in the sandbox environment, name the property software_client_id_sandbox. Similarly, to store the software_client_id retrieved from an SSA created in a production environment, name the property software_client_id_production. Make sure you add these properties as false, as required.
In addition to these, include software_jwks_endpoint in the SSA. This is required to obtain an access token for the application.
Expand |
---|
title | Click here to see api-manager.xml configurations |
---|
|
Code Block |
---|
| <ApplicationConfiguration>
<ApplicationAttributes>
<Attribute required="false">
<Name>software_id_sandbox</Name>
<Description>Software ID of the sandbox</Description>
</Attribute>
<Attribute required="false">
<Name>software_id_production</Name>
<Description>Software ID of the production</Description>
</Attribute>
<Attribute required="false">
<Name>software_roles_sandbox</Name>
<Description>Software roles of the sandbox</Description>
</Attribute>
<Attribute required="false">
<Name>software_roles_production</Name>
<Description>Software roles of the production</Description>
</Attribute>
<Attribute required="false">
<Name>software_jwks_endpoint_sandbox</Name>
<Description>JWKS endpoint of the sandbox</Description>
</Attribute>
<Attribute required="false">
<Name>software_jwks_endpoint_production</Name>
<Description>JWKS endpoint of production</Description>
</Attribute>
<Attribute required="false">
<Name>software_on_behalf_of_org_sandbox</Name>
<Description>Software on behalf of org of sandbox</Description>
</Attribute>
<Attribute required="false">
<Name>software_on_behalf_of_org_production</Name>
<Description>Software on behalf of org of production</Description>
</Attribute>
<Attribute required="false">
<Name>org_name_sandbox</Name>
<Description>Org name of the sandbox</Description>
</Attribute>
<Attribute required="false">
<Name>org_name_production</Name>
<Description>Org name of the production</Description>
</Attribute>
</ApplicationAttributes>
</ApplicationConfiguration> |
|
Note |
---|
Info |
---|
This is available only as a WUM update and is effective from November 13, 2019 (11-13-2019). For more information on updating WSO2 Open Banking, see Updating WSO2 Products. |
In the API Store, you can display both the name and the ID of the application if you have enabled the UseSoftwareIdAsApplicationName feature and configured the software_client_name attributes.
Add the following to the <WSO2_OB_APIM_HOME>/repository/conf/api-manager.xml file under <ApplicationAttributes>:
Code Block |
---|
| <Attribute required="false">
<Name>software_client_name_sandbox</Name>
<Description>Software Client Name of the sandbox</Description>
</Attribute>
<Attribute required="false">
<Name>software_client_name_production</Name>
<Description>Software Client Name of the production</Description>
</Attribute> |
Open <WSO2_OB_APIM_HOME>/repository/deployment/server/jaggeryapps/store/site/conf/site.json and set the following value to true:
Code Block |
---|
| "UseSoftwareIdAsApplicationName" : true |
Add the given key-value pair to the following files:
- <WSO2_OB_APIM_HOME>/repository/deployment/server/jaggeryapps/store/site/conf/locales/jaggery/locale_default.json
- <WSO2_OB_APIM_HOME>/repository/deployment/server/jaggeryapps/store/site/conf/locales/jaggery/locale_en.json
Once you follow the above instructions, notice the additional column ID under the Applications tab of the API Store. |
Configuring application deletion workflow
Info |
---|
This feature is available as a product update from September 4, 2019 (09-04-2019) onwards. |
- Sign in to the API Manager Management Console at
https://<WSO2_OB_APIM_HOST>:9443/carbon
, using the super admin credentials.
- On the Main tab, click Resources > Browse.
- Locate the
/_system/governance/apimgt/applicationdata/workflow-extensions.xml
registry file.
- Click
workflow-extensions.xml
to edit the file. Under the Content section, click Edit as text.
Update the ApplicationDeletion executor
value as follows:
Code Block |
---|
|
<ApplicationDeletion executor="com.wso2.finance.app.deletion.impl.ApplicationDeletionWorkflow"/>
|
- Click Save Content.
[Back To Top]
Registering an application
Tip |
---|
To get the public transport and signing certificates, enrol the TPP in the Open Banking Directory and upload the Certificate Signing Request (CSR).
|
The API allows the TPP to request the ASPSP to register a new client. The process is as follows:
The TPP sends a registration request.
This is a POST request that includes an SSA (Software Statement Assertion) as a claim in the payload.
The SSA is a signed JWT obtained from the Open Banking Directory. It contains the client metadata.
Note |
---|
The software statement (SSA) should be obtained from the Open Banking Directory by the TPP. The SSA is a signed JWT issued by the Open Banking directory. |
The automated DCR process is carried out by calling a synapse API in the gateway. The registration request relies on Mutual TLS authentication for TPP authentication.
An example request sent to the DCR registration endpoint is shown below:
Code Block |
---|
curl -X POST \
https://<WSO2_OB_APIM_HOST>:8243/open-banking/v3.2/register \
-H 'Content-Type: application/jwt' \
--cert <TRANSPORT_PUBLIC_KEY_FILE_PATH> --key <TRANSPORT_PRIVATE_KEY_FILE_PATH> \
-d '<SIGNED_REQUEST_JWT>' |
Given below is the format of the payload JWT.
The payload is a signed JWT. To sign it, use the signing certificate issued by the Open Banking Directory. The kid parameter of the header should match the kid of the signing certificate provided by the Open Banking Directory.
Expand |
---|
title | Click here to see the format of the JWT payload once decoded. |
---|
|
Code Block |
---|
{
"typ": "JWT",
"alg": "PS256",
"kid": "DwMKdWMmj7PWinvoqfQyXVzyZ6Q"
}
{
"iss": "9b5usDpbNtmxDcTzs7GzKp",
"iat": 1601982042,
"exp": <<This is epoch time of the request expiration date/time>>,
"jti": "<<The JWT ID>>",
"aud": "https://localhost:8243/token",
"scope": "accounts payments",
"token_endpoint_auth_method": "private_key_jwt",
"grant_types": [
"authorization_code",
"refresh_token"
],
"response_types": [
"code id_token"
],
"id_token_signed_response_alg": "PS256",
"request_object_signing_alg": "PS256",
"software_id": "9b5usDpbNtmxDcTzs7GzKp",
"application_type": "web",
"redirect_uris": [
"https://wso2.com"
],
"token_endpoint_auth_signing_alg": "PS256",
"software_statement": "<<The SSA, a signed JWT issued by the Open Banking Directory>>"
}
<signature> |
Include the following claims in the body of the request payload:
Claim | Description | Source Specification | Optional | Comments |
---|---|---|---|---|
iss | Request issuer (the TPP) | [RFC7519] | NO | |
iat | Time of issuance of the request | [RFC7519] | NO | |
exp | Request expiration time | [RFC7519] | NO | |
aud | Request audience (the ASPSP) | [RFC7519] | NO | |
jti | The JWT ID | [RFC7519] | NO | |
redirect_uris | Registered URIs the TPP uses to interact with the ASPSP AS | [OIDC-R] | NO | Must match or be a subset of the software_redirect_uris claim in the SSA. |
token_endpoint_auth_method | Specifies which token endpoint authentication method the TPP wants to use | [RFC7591] | NO | private_key_jwt: If requested, the OP should extract the TPP's JWKS location from the included software statement assertion. Note: tls_client_auth and private_key_jwt are the only FAPI compliant authentication methods. WSO2 Open Banking supports both these methods. |
grant_types | A JSON array specifying what the TPP can request to be supplied to the token endpoint as an exchange for an access token | [RFC7591] | NO | |
response_types | A JSON array specifying what the TPP can request to be returned from the ASPSP authorization endpoint | [RFC7591] | YES | ASPSPs may reject anything other than code. |
software_id | The application name that is mentioned as software_client_id in the SSA. | [RFC7591] | YES | If specified, the software_id in the request must match the software_id specified in the SSA. ASPSPs can choose to allow multiple registrations for a given software client name and may take the software_id from either the SSA or the TPP as a hint. |
scope | The scopes requested by the client (if not specified, default scopes are assigned by the AS) | [RFC7591] | YES | The minimum scope should be openid + whatever scopes are appropriate for the PSD2 role of the software. Tip: The scopes are space-delimited values. |
software_statement | The SSA issued by Open Banking identifier | [RFC7519] | NO | |
application_type | Specifies whether the application type is web or mobile | [OIDC-R] | NO | Must be web, if specified. |
id_token_signed_response_alg | The algorithm with which the TPP expects to sign the id_token if an id_token is returned | [OIDC-R] | NO | Supported values must comply with [FAPI-RW] Section 8.6. |
request_object_signing_alg | The algorithm with which the TPP expects to sign the request object if a request object is part of the authorization request sent to the ASPSP. | [OIDC-R] | NO | Supported values must comply with [FAPI-RW] Section 8.6. |
The payload contains an SSA.
Expand |
---|
title | Click here to see a decoded SSA... |
---|
|
Code Block |
---|
{
"alg": "PS256",
"kid": "Hza9v5bgDJcOnhcUZ7BMwbSL_4NV0gSFvIjaSXdC-1c=",
"typ": "JWT"
}
{
"iss": "OpenBanking Ltd",
"iat": 1592364568,
"jti": "3d1b3595efac4e36",
"software_environment": "sandbox",
"software_mode": "Test",
"software_id": "9b5usDpbNtmxDcTzs7GzKp",
"software_client_id": "9b5usDpbNtmxDcTzs7GzKp",
"software_client_name": "WSO2 Open Banking TPP (Sandbox)",
"software_client_description": "This TPP Is created for testing purposes. ",
"software_version": 1.5,
"software_client_uri": "https://wso2.com",
"software_redirect_uris": [
"https://wso2.com"
],
"software_roles": [
"AISP",
"PISP"
],
"organisation_competent_authority_claims": {
"authority_id": "OBGBR",
"registration_id": "Unknown0015800001HQQrZAAX",
"status": "Active",
"authorisations": [
{
"member_state": "GB",
"roles": [
"AISP",
"PISP"
]
},
{
"member_state": "IE",
"roles": [
"AISP",
"PISP"
]
},
{
"member_state": "NL",
"roles": [
"AISP",
"PISP"
]
}
]
},
"software_logo_uri": "https://wso2.com/wso2.jpg",
"org_status": "Active",
"org_id": "0015800001HQQrZAAX",
"org_name": "WSO2 (UK) LIMITED",
"org_contacts": [
{
"name": "Technical",
"email": "mail@wso2.com",
"phone": "+94771231234",
"type": "Technical"
},
{
"name": "Business",
"email": "mail1@wso2.com",
"phone": "+94771231235",
"type": "Business"
}
],
"org_jwks_endpoint": "https://keystore.openbankingtest.org.uk/0015800001HQQrZAAX/0015800001HQQrZAAX.jwks",
"org_jwks_revoked_endpoint": "https://keystore.openbankingtest.org.uk/0015800001HQQrZAAX/revoked/0015800001HQQrZAAX.jwks",
"software_jwks_endpoint": "https://keystore.openbankingtest.org.uk/0015800001HQQrZAAX/9b5usDpbNtmxDcTzs7GzKp.jwks",
"software_jwks_revoked_endpoint": "https://keystore.openbankingtest.org.uk/0015800001HQQrZAAX/revoked/9b5usDpbNtmxDcTzs7GzKp.jwks",
"software_policy_uri": "https://wso2.com",
"software_tos_uri": "https://wso2.com",
"software_on_behalf_of_org": "WSO2 Open Banking"
} |
|
- The ASPSP validates the SSA based on the specifications provided in the Open Banking OpenID Dynamic Client (OIDC) Registration specification.
The ASPSP registers the client application using the metadata sent in the SSA.
If client creation is successful, the ASPSP responds with a JSON payload that describes the client that was created. The TPP can then use the client to access resources on the ASPSP's resource server.
If client creation is unsuccessful, the ASPSP responds with an error payload.
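The rules in the claims table and the JTI validation settings above can be checked as follows. This is an added example, not WSO2 code: the function and class names, the `ttl_seconds` parameter (the page does not state the unit of JtiCacheExpiryTime) and the `https://aspsp.example/token` audience are assumptions, and signature verification against the Directory JWKS is assumed to have happened before these checks run.

```python
import base64
import json
import time

FAPI_AUTH_METHODS = ("tls_client_auth", "private_key_jwt")
# Claims the table marks as not optional.
REQUIRED = ("iss", "iat", "exp", "aud", "jti", "redirect_uris", "grant_types",
            "token_endpoint_auth_method", "software_statement", "application_type",
            "id_token_signed_response_alg", "request_object_signing_alg")


def make_unsigned_jwt(claims):
    """Build a constructed sample token; header and signature are dummies."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "PS256", "typ": "JWT"}), enc(claims), "c2ln"])


def decode_claims(token):
    """Decode the payload segment only; signature checks are assumed done already."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    claims = json.loads(base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4)))
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


class JtiCache:
    """Remembers each jti for ttl_seconds so that a replayed JWT is rejected."""
    def __init__(self, ttl_seconds):
        self.ttl_seconds = ttl_seconds
        self._expiry = {}

    def is_replay(self, jti, now):
        self._expiry = {j: t for j, t in self._expiry.items() if t > now}
        if jti in self._expiry:
            return True
        self._expiry[jti] = now + self.ttl_seconds
        return False


def validate_dcr_request(request_jwt, expected_aud, request_jtis, ssa_jtis, now=None):
    """Return a list of problems; an empty list means the request passed every check."""
    now = time.time() if now is None else now
    try:
        req = decode_claims(request_jwt)
    except (ValueError, AttributeError) as exc:
        return [f"malformed request JWT: {exc}"]
    missing = [c for c in REQUIRED if c not in req]
    if missing:
        return ["missing claims: " + ", ".join(missing)]
    try:
        ssa = decode_claims(req["software_statement"])
    except (ValueError, AttributeError):
        return ["software_statement is not a decodable JWT"]
    errors = []
    iat, exp = req["iat"], req["exp"]
    if not all(isinstance(t, (int, float)) for t in (iat, exp)) or not iat <= now < exp:
        errors.append("request is expired or not yet valid")
    if req["aud"] != expected_aud:
        errors.append("aud does not name this ASPSP")
    allowed = ssa.get("software_redirect_uris")
    if not isinstance(allowed, list):
        allowed = []  # a bare string here would turn "in" into a substring match
    uris = req["redirect_uris"]
    if not isinstance(uris, list) or not uris or any(u not in allowed for u in uris):
        errors.append("redirect_uris must be a non-empty subset of software_redirect_uris")
    if "software_id" in req and req["software_id"] != ssa.get("software_id"):
        errors.append("software_id differs from the SSA")
    if req["token_endpoint_auth_method"] not in FAPI_AUTH_METHODS:
        errors.append("token_endpoint_auth_method is not FAPI compliant")
    if req["application_type"] != "web":
        errors.append("application_type must be web")
    if errors:
        return errors  # a rejected request must not consume jti values
    if request_jtis.is_replay(str(req["jti"]), now):
        errors.append("request jti already used")
    if "jti" in ssa and ssa_jtis.is_replay(str(ssa["jti"]), now):
        errors.append("SSA jti already used")
    return errors


def sample_request(**overrides):
    """Constructed request; SSA values are taken from the decoded SSA on this page."""
    ssa = {"iss": "OpenBanking Ltd", "jti": "3d1b3595efac4e36",
           "software_id": "9b5usDpbNtmxDcTzs7GzKp",
           "software_redirect_uris": ["https://wso2.com"]}
    claims = {"iss": "9b5usDpbNtmxDcTzs7GzKp", "iat": 900, "exp": 5000, "jti": "req-1",
              "aud": "https://aspsp.example/token", "redirect_uris": ["https://wso2.com"],
              "token_endpoint_auth_method": "private_key_jwt", "application_type": "web",
              "grant_types": ["authorization_code", "refresh_token"],
              "id_token_signed_response_alg": "PS256", "request_object_signing_alg": "PS256",
              "software_id": "9b5usDpbNtmxDcTzs7GzKp",
              "software_statement": make_unsigned_jwt(ssa)}
    claims.update(overrides)
    return make_unsigned_jwt(claims)
```

Calling `validate_dcr_request(sample_request(), "https://aspsp.example/token", JtiCache(60), JtiCache(60), now=1000)` returns an empty list; sending the same request again inside the cache window reports both the request jti and the SSA jti as already used.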
A sample response is given below:
Code Block |
---|
|
HTTP/1.1 200 Ok
Content-Type: application/json
{
"grant_types": [
"authorization_code",
"refresh_token"
],
"software_client_name": "Open Banking test",
"supportedGrantTypes": [
"refresh_token",
"client_credentials"
],
"redirect_uris": [
"https://www.amazon.com",
"https://www.amazon.com/tt/webview/oobe/proposition"
],
"software_jwks_endpoint": "https://keystore.openbankingtest.org.uk/0015800001HQQrZAAX/3c8F2a7zpWaxnO5kFOZpyE.jwks",
"token_endpoint_auth_method": "private_key_jwt",
"client_secret": "DMcSUBmgi4tjKktagizDuDaiCAAa",
"software_id": "3c8F2a7zpWaxnO5kFOZpyE",
"software_logo_uri": "https://www.amazon.com/logo",
"scope": [
"openid",
"payments"
],
"request_object_signing_alg": "ES256",
"software_roles": [
"AISP",
"PISP"
],
"client_id": "kKcxI71dFnCtIHoM9zTZiG6U1GUa",
"id_token_signed_response_alg": "ES256"
} |
Expand |
---|
title | Click here for a sample application access token |
---|
|
Code Block |
---|
curl -X POST \
https://localhost:8243/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'ssl.client.auth.cert.X509: MIIFODCCBCCgAwIBAgIEWcVqyzANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJH' -k \
-d 'grant_type=client_credentials&scope=openid%20&client_assertion=eyJraWQiOiJoY2dleHVndVZiNXJZU1lWQnNsLWM5aEJQdlkiLCJhbGciOiJQUzI1NiJ9.eyJzdWIiOiJ1aHo5NWVTaUtrMmxUeld4YzRqckxUWHh3RThhIiwiYXVkIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6ODI0My90b2tlbiIsImlzcyI6InVoejk1ZVNpS2sybFR6V3hjNGpyTFRYeHdFOGEiLCJleHAiOjE1OTkxODcyMDEsImlhdCI6MTU3MDA3NjUyNiwianRpIjoiMTU1NDE5MjU0MTkifQ.sb-lwJhbtbaPrCvftyNcDLUt3uqtANXdJkbCNG6x7BL57b4cqkxo20BKHn4Cnvd8f00OIfuEQLBKo5BH9bpkt06MVsoZdEhq4YMT_FqUZb_38B-MEmWuaE2n6-ZCa_Jlp8TZ49PRY_q-Zz-y8WkDF2Hy51lulL5exxq0eGfNzGNMHk9_yQeEPte2-IY7NHPNpY0WpPKpYTUHPvDC3u_o5oL7WAcdE5bwqZQ4M5VcQf_QSqVLxrRpFv2FO9FBiU_iTG1S9CgNrYICzlgk9Gg2DhFu75iqcrjpGiEcXjSULKwRT89j--jJMWSCSuJ64OFllao3x56JecxxGdlA0HuaSw&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&redirect_uri=https%3A%2F%2Fwso2.com%2F' |
|
A sample response is given below:
Code Block |
---|
{
"client_id":"kbLnJJ_uQL2Ye68uaCRbPIJOR4Ua",
"client_id_issued_at":1601991722,
"redirect_uris":[
"https://wso2.com"
],
"grant_types":[
"authorization_code",
"refresh_token"
],
"application_type":"web",
"id_token_signed_response_alg":"PS256",
"token_endpoint_auth_signing_alg":"PS256",
"request_object_signing_alg":"PS256",
"scope":"accounts payments",
"software_id":"9b5usDpbNtmxDcTzs7GzKp",
"client_secret":"4nvgJQ0eSffFTtlLrfp0DqIfoLsa",
"client_secret_expires_at":0,
"token_endpoint_auth_method":"private_key_jwt",
"response_types":[
"code id_token"
],
"software_statement":"<SSA_JWT>"
} |
Generate a Client Credentials grant access token for the application using the following command:
Expand |
---|
title | Click here to see how to generate the client assertion... |
---|
|
Localtabgroup |
---|
Localtab |
---|
title | client_assertion format |
---|
| Code Block |
---|
| {
"alg": "<<The algorithm used for signing.>>",
"kid": "<<The thumbprint of the certificate.>>",
"typ": "JWT"
}
{
"iss": "<<This is the issuer of the token. For example, client ID of your application>>",
"sub": "<<This is the subject identifier of the issuer. For example, client ID of your application>>",
"exp": <<This is epoch time of the token expiration date/time>>,
"iat": <<This is epoch time of the token issuance date/time>>,
"jti": "<<This is an incremental unique value>>",
"aud": "<<This is the audience that the ID token is intended for. For example, https://<<OB_HOST>>:8243/token>>"
}
<signature: For DCR, the client assertion is signed by the private key of the signing certificate. Otherwise the private signature of the application certificate is used.> |
|
Localtab |
---|
title | sample client_assertion |
---|
| Code Block |
---|
eyJraWQiOiJEd01LZFdNbWo3UFdpbnZvcWZReVhWenlaNlEiLCJhbGciOiJQUzI1NiJ9.eyJzdWIiOiJrYkxuSkpfdVFMMlllNjh1YUNSYlBJSk9SNFVhIiwiYXVkIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6ODI0My90b2tlbiIsImlzcyI6ImtiTG5KSl91UUwyWWU2OHVhQ1JiUElKT1I0VWEiLCJleHAiOjE2Mzg3ODg0NDIsImlhdCI6MTYwMTk5Mjk2MSwianRpIjoiMTYwMTk5Mjk2MSJ9.kWeV242yEXvF1vTntHsjxMfFqGAGIwiXQM1QeSTMoXyYePB450UZHZaVVo4_Q4SM9--FWQYCVKa7_SDMvmGcaiHeb5UTp0rdivMvVMZ1HkaYQRopC9ceR3tSJbJ7J7XFKTEIUOqk6ehXZcQ9tTQDlaRHmL67y6s_XgTu_Gca3Q4ejEFQRr5JGGyzTimXdlqEfd3Lo6WD1I_s-c26tAuAJ00oGvAXOBPy0EoDFMdLDXv-ZSAASZGYZr9F5s06qh5KHIY4rxQdr104dAalD-7pGhMwY2lwZymVlud73hCHfwq60fevra57HoVAD1hZVJ7hMf09QvlltLL6i3Gd4WzPXQ |
|
|
|
Localtabgroup |
---|
Localtab |
---|
| Code Block |
---|
curl -X POST \
https://<WSO2_OB_APIM_HOST>:8243/token \
--cert <TRANSPORT_PUBLIC_KEY_FILE_PATH> --key <TRANSPORT_PRIVATE_KEY_FILE_PATH> \
-d 'grant_type=client_credentials&scope=accounts openid&client_assertion=<CLIENT_ASSERTION_JWT>&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&redirect_uri=<APPLICATION_CALLBACK_URL>' |
|
Localtab |
---|
| Code Block |
---|
{
"access_token":"aa8ce78b-d81e-3385-81b1-a9fdd1e71daf",
"scope":"am_application_scope openid",
"id_token":"eyJ4NXQiOiJNell4TW1Ga09HWXdNV0kwWldObU5EY3hOR1l3WW1NNFpUQTNNV0kyTkRBelpHUXpOR00wWkdSbE5qSmtPREZrWkRSaU9URmtNV0ZoTXpVMlpHVmxOZyIsImtpZCI6Ik16WXhNbUZrT0dZd01XSTBaV05tTkRjeE5HWXdZbU00WlRBM01XSTJOREF6WkdRek5HTTBaR1JsTmpKa09ERmtaRFJpT1RGa01XRmhNelUyWkdWbE5nX1JTMjU2IiwiYWxnIjoiUlMyNTYifQ.eyJhdF9oYXNoIjoiaHVBcS1GbzB0N2pFZmtiZ1A4TkJwdyIsImF1ZCI6WyJrYkxuSkpfdVFMMlllNjh1YUNSYlBJSk9SNFVhIiwiaHR0cDpcL1wvb3JnLndzbzIuYXBpbWd0XC9nYXRld2F5Il0sInN1YiI6ImFkbWluQHdzbzIuY29tQGNhcmJvbi5zdXBlciIsIm5iZiI6MTYwMTk5MzA5OCwiYXpwIjoia2JMbkpKX3VRTDJZZTY4dWFDUmJQSUpPUjRVYSIsImFtciI6WyJjbGllbnRfY3JlZGVudGlhbHMiXSwic2NvcGUiOlsiYW1fYXBwbGljYXRpb25fc2NvcGUiLCJvcGVuaWQiXSwiaXNzIjoiaHR0cHM6XC9cL2xvY2FsaG9zdDo4MjQzXC90b2tlbiIsImV4cCI6MTYwMTk5NjY5OCwiaWF0IjoxNjAxOTkzMDk4fQ.cGdQ-9qK5JvKW32lK_PqhyJZyRb3r_86UPRFI2hlgiScnLYD8RsXDBNalmmnHiAbfb06e69QHQnmEKa6pcSSFWor0OAuzisBb6C5V51E9vH0eCr4hIa_lBtmjvLmsSue7puRUaYcyptwiuUkwjLFb-3_cpeuzWH29Knwne6zVD8gav_FPi1ub4vkrkX8ktLZH_JQG20fim1Ai5j2Q7jcnaMIHShYnC9sLBP5usp3thFLdQEyH8KCHJK79yNKzaruUntkq9yqqO_MQvY7VevLlDEDPllniRVih0r4TICdGrgJ0Ibr4wh_xFksVhYqa2_6x71ed_K9SX3hG-6T6pBUVA",
"token_type":"Bearer",
"expires_in":3600
} |
|
|
[Back To Top]
...
Retrieving an application
The API allows the TPP to retrieve the details for a client that has already been registered. The request relies on Mutual TLS authentication and application access token (Client Credentials grant type) for TPP authentication.
The request has one path parameter named ClientId. It specifies the ClientId of the application for which the TPP wants to retrieve details.
- If the request is successful and the identifier (ClientId) matches the client to whom the Client Credentials grant access token was issued, the ASPSP returns details of the requested client.
- If the ClientId is unknown, the ASPSP responds with an Unauthorized status code and immediately revokes the access token.
Given below is a sample request sent to the retrieving endpoint:
Localtabgroup |
---|
Localtab |
---|
| Code Block |
---|
curl -X GET \
https://<WSO2_OB_APIM_HOST>:8243/open-banking/v3.2/register/<CLIENT_ID> \
-H 'Authorization: Bearer <APPLICATION_ACCESS_TOKEN>' \
--cert <TRANSPORT_PUBLIC_KEY_FILE_PATH> --key <TRANSPORT_PRIVATE_KEY_FILE_PATH> |
|
Localtab |
---|
| Code Block |
---|
{
"client_id":"kbLnJJ_uQL2Ye68uaCRbPIJOR4Ua",
"client_id_issued_at":1601991722,
"redirect_uris":[
"https://wso2.com"
],
"grant_types":[
"authorization_code",
"refresh_token"
],
"application_type":"web",
"id_token_signed_response_alg":"PS256",
"token_endpoint_auth_signing_alg":"PS256",
"request_object_signing_alg":"PS256",
"scope":"accounts payments",
"software_id":"9b5usDpbNtmxDcTzs7GzKp",
"client_secret":"4nvgJQ0eSffFTtlLrfp0DqIfoLsa",
"client_secret_expires_at":0,
"token_endpoint_auth_method":"private_key_jwt",
"response_types":[
"code id_token"
],
"software_statement":"<SSA_JWT>"
} |
|
|
[Back To Top]
...
Updating an application
The API allows the TPP to request the ASPSP to modify one or more attributes related to an existing client. The request relies on Mutual TLS authentication and application access token (Client Credentials grant type) for TPP authentication.
The request has one path parameter named ClientId. It specifies the ClientId of the application that the TPP wants to modify. The TPP submits a JWS payload that describes the characteristics of the client to be modified. This must include all the claims, including the ones that will not be modified.
- If the client is successfully modified, the ASPSP responds with a JSON payload that describes the client that was created.
- If the ClientId is unknown, the ASPSP responds with an Unauthorized status code and immediately revokes the access token.
- If client modification is unsuccessful, the ASPSP responds with an error payload.
Localtabgroup |
---|
Localtab |
---|
| Code Block |
---|
curl -X PUT \
https://<WSO2_OB_APIM_HOST>:8243/open-banking/v3.2/register/<CLIENT_ID> \
-H 'Authorization: Bearer <APPLICATION_ACCESS_TOKEN>' \
-H 'Content-Type: application/jwt' \
--cert <TRANSPORT_PUBLIC_KEY_FILE_PATH> --key <TRANSPORT_PRIVATE_KEY_FILE_PATH> \
-d <REGISTRATION_REQUEST_JWT> |
Localtab |
---|
| Code Block |
---|
{
  "grant_types": [
    "authorization_code",
    "refresh_token"
  ],
  "client_secret_expires_at": 0,
  "redirect_uris": [
    "https://wso2.com/redirect"
  ],
  "token_endpoint_auth_method": "private_key_jwt",
  "response_types": [
    "code",
    "code id_token"
  ],
  "software_id": "VgQOIBMehPnlLUQw0BFM5S",
  "id_token_signed_response_alg": "ES256",
  "request_object_signing_alg": "ES256",
  "application_type": "web",
  "software_statement": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJPcGVuQmFua2luZyIsImlhdCI6MTQ5OTgwNTg0OCwiZXhwIjoxNTMxMzQxODQ4LCJhdWQiOiJFeGFtcGxlIFRQUCIsInN1YiI6IkV4YW1wbGUgVFBQIiwiT2JUUFBJZCI6IklEQW1hem9uIiwiT2JUUFBSb2xlIjoiUElTUCJ9.RrrtJXnffK5c8rIxG3RowAsQeceH3oZQWMbpgHD78O8",
  "client_id_issued_at": 1563443265,
  "client_id": "lahhgfFENmfXoDEcQffaoyjmDGca",
  "client_secret": "h3zedckJmOy7eM3wMnZwNoscSKQa"
} |
|
|
Deleting an application
The API allows the TPP to request the ASPSP to delete an existing client. The request relies on Mutual TLS authentication and application access token (Client Credentials grant type) for TPP authentication.
Expand |
---|
title | Click here for a sample application access token |
---|
|
Code Block |
---|
curl -X POST \
https://localhost:8243/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'ssl.client.auth.cert.X509: MIIFODCCBCCgAwIBAgIEWcVqyzANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJH' -k \
-d 'grant_type=client_credentials&scope=openid%20&client_assertion=eyJraWQiOiJoY2dleHVndVZiNXJZU1lWQnNsLWM5aEJQdlkiLCJhbGciOiJQUzI1NiJ9.eyJzdWIiOiJ1aHo5NWVTaUtrMmxUeld4YzRqckxUWHh3RThhIiwiYXVkIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6ODI0My90b2tlbiIsImlzcyI6InVoejk1ZVNpS2sybFR6V3hjNGpyTFRYeHdFOGEiLCJleHAiOjE1OTkxODcyMDEsImlhdCI6MTU3MDA3NjUyNiwianRpIjoiMTU1NDE5MjU0MTkifQ.sb-lwJhbtbaPrCvftyNcDLUt3uqtANXdJkbCNG6x7BL57b4cqkxo20BKHn4Cnvd8f00OIfuEQLBKo5BH9bpkt06MVsoZdEhq4YMT_FqUZb_38B-MEmWuaE2n6-ZCa_Jlp8TZ49PRY_q-Zz-y8WkDF2Hy51lulL5exxq0eGfNzGNMHk9_yQeEPte2-IY7NHPNpY0WpPKpYTUHPvDC3u_o5oL7WAcdE5bwqZQ4M5VcQf_QSqVLxrRpFv2FO9FBiU_iTG1S9CgNrYICzlgk9Gg2DhFu75iqcrjpGiEcXjSULKwRT89j--jJMWSCSuJ64OFllao3x56JecxxGdlA0HuaSw&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&redirect_uri=https%3A%2F%2Fwso2.com%2F' |
|
...
"4nvgJQ0eSffFTtlLrfp0DqIfoLsa",
"client_secret_expires_at":0,
"token_endpoint_auth_method":"private_key_jwt",
"response_types":[
"code id_token"
],
"software_statement":"<SOFTWARE_STATEMENT_ASSERTION>"
} |
|
|
...
Deleting an application
The request has one path parameter named ClientId. It specifies the ClientId of the application that the TPP wants to delete.
- If the request is successful and the ClientId matches the client to whom the Client Credentials grant access token was issued, the ASPSP must delete the client and invalidate long lived access tokens that were issued to the client.
- If the ClientId is unknown, the ASPSP responds with an Unauthorized status code and immediately revokes the access token.
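The two outcomes above, sketched as server-side decision logic. This is an added example, not WSO2 or OBIE code: the `Registry` class, the function names and the sample identifiers are constructed, and the 403 for a known ClientId that does not own the token is an assumption taken from RFC 7592, section 2.3, which this page does not state.

```python
from dataclasses import dataclass, field


@dataclass
class Registry:
    """In-memory stand-in for the ASPSP's client and token stores (hypothetical)."""
    clients: set = field(default_factory=set)    # registered ClientIds
    tokens: dict = field(default_factory=dict)   # access token -> ClientId it was issued to

    def register(self, client_id: str, token: str) -> None:
        self.clients.add(client_id)
        self.tokens[token] = client_id


def delete_client(reg: Registry, path_client_id: str, bearer: str, mtls_ok: bool) -> int:
    """Return the HTTP status for DELETE /register/{ClientId}."""
    # Both factors are required: a verified MTLS client certificate and a live token.
    if not mtls_ok or bearer not in reg.tokens:
        return 401
    if path_client_id not in reg.clients:
        # Unknown ClientId: Unauthorized, and the presented token is revoked at once.
        del reg.tokens[bearer]
        return 401
    if reg.tokens[bearer] != path_client_id:
        # Assumption (RFC 7592, section 2.3): a known client that is not the
        # token's owner gets 403; nothing is deleted and nothing is revoked.
        return 403
    reg.clients.discard(path_client_id)
    # Invalidate every token issued to the deleted client, including the one
    # used for this call, so it cannot be replayed afterwards.
    for tok in [t for t, cid in reg.tokens.items() if cid == path_client_id]:
        del reg.tokens[tok]
    return 204


def demo() -> list:
    # Constructed sample data: two TPP clients, one token each.
    reg = Registry()
    reg.register("client-A", "tok-A")
    reg.register("client-B", "tok-B")
    return [
        delete_client(reg, "client-B", "tok-A", True),   # token belongs to client-A
        delete_client(reg, "client-A", "tok-A", False),  # no verified client certificate
        delete_client(reg, "client-A", "tok-A", True),   # owner deletes itself
        delete_client(reg, "client-A", "tok-A", True),   # token died with the client
        delete_client(reg, "no-such", "tok-B", True),    # unknown id, tok-B gets revoked
        delete_client(reg, "client-B", "tok-B", True),   # tok-B is no longer valid
    ]


if __name__ == "__main__":
    print(demo())
```

The last two calls show why the revocation rule matters: a token used to probe for unknown ClientIds cannot be used again, even against its own client.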
...
You can find a sample request sent to the retrieving endpoint below.
Localtabgroup |
---|
Localtab |
---|
| Code Block |
---|
curl -X DELETE \
https://<WSO2_OB_APIM_HOST>:8243/open-banking/v3.2/register/<CLIENT_ID> \
-H 'Authorization: Bearer <APPLICATION_ACCESS_TOKEN>' \
--cert <TRANSPORT_PUBLIC_KEY_FILE_PATH> --key <TRANSPORT_PRIVATE_KEY_FILE_PATH> |
|
|
If the deletion is successful, you will get a 204 No Content response.
...