This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, go to https://wso2.com/documentation/.
Pushed Authorisation Endpoint
Authorisation and Pushed Authorisation endpoints are used by the bank to redirect the bank customer to authenticate and approve/deny consents before a Data Recipient accesses account or transaction information. According to the Consumer Data Standards specification, there are two methods to send request_object in the authorisation URL:
- Using the authorisation details in the authorisation URL.
- Using a reference to the authorisation details in the authorisation URL.
Request objects that contain the cdr_arrangement_id claim must only be sent using the Pushed Authorisation Request (PAR). cdr_arrangement_id is a unique value representing a consent arrangement between a Data Recipient and Data Holder for a given consumer. You have to include it in the request object of the consent amendment request in PAR.
In order to understand the two methods, let's see the difference between the Authorisation and Pushed Authorisation endpoints and how they work in the Consumer Data Standards API.
Authorisation Endpoint
The Authorisation endpoint uses the request_object, which carries the authorisation details, in the authorisation URL.
Pushed Authorisation Endpoint
Unlike the Authorisation endpoint, with the Pushed Authorisation endpoint Data Recipients push authorisation details directly to the authorisation server and obtain a reference. The reference is denoted by the request_uri claim.
Thereby, it prevents:
- Intruders from intercepting the authorisation information sent in the request_object
- Authorisation request calls becoming large with the authorisation details signed in the JWT
and protects the confidentiality and integrity of the authorisation details when passing through a third-party application.
Let's see how it is done in WSO2 Open Banking:
Update <WSO2_OB_IAM_HOME>/repository/conf/deployment.toml as follows:
To resolve authorisation request calls with request_uri, a new request object builder must be added as follows:
[[oauth.oidc.custom_request_object_builder]]
type = "request_uri_param_value_builder"
class = "com.wso2.finance.open.banking.identity.extensions.builders.RequestUriRequestObjectBuilder"
By default, the expiry time of the request_uri is set to 60 seconds. If you need to change the value, use the sample configuration as follows:
[open_banking.au.push_authorisation]
expiry_time = "60"
Add the following configuration to have the Data Holder identifier in the response under the request_uri parameter:
[open_banking.au]
holder_identifier = "abc-bank"
The Data Recipient shares the authorisation details with the authorisation server as a signed JWT and obtains request_uri in the response.
You can update scope, accounts, and sharing duration of an existing consent that you retrieved from the PAR endpoint. If you want to update the existing consent, include the cdr_arrangement_id parameter in the request object. This is available only as a WSO2 Update and is effective from July 14, 2021 (07-14-2021). For more information on updating WSO2 Open Banking, see Updating WSO2 Products.
See the sample request given below:
curl --location --request POST 'https://localhost:8243/par' \
--header 'Accept: application/json' \
--header 'Cache-Control: no-cache' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'request=<signed request object>' \
--data-urlencode 'client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer' \
--data-urlencode 'client_assertion=eyJraWQiOiJXX1RjblFWY0hBeTIwcTh6Q01jZEJ5cm9vdHciLCJhbGciOiJQUzI1NiJ9.eyJzdWIiOiJVT05ZVGlGVll2a09mcUlyVkRxeTkwUmtMTU1hIiwiYXVkIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6ODI0My9wYXIiLCJpc3MiOiJVT05ZVGlGVll2a09mcUlyVkRxeTkwUmtMTU1hIiwiZXhwIjoxNjM4NjIzMjU5LCJqdGkiOiIzOTIxMzExMjE0OTEifQ.id6Yi6DS-KVnpKmHt9uZwN5X9gaFcZD6L0b9vrss_iA46RtpzlqRNeRdtMtoWYW1fKbqCvgz-gq-7HlzRBm9XO5CxTevCVliO-ObWju4Vyc9iLXYYBWpUo9H04HJkU8HUY3KPQDLtrijNBoEwOTv0zcEwxy-qVdkrT4F6t5eU6aZQf2MSiG-XdAd54vE-m2vx2pNsFE_ZLUXSv3YVfHuGFXzA21C0kumRhc4Mr1W3svzaNxHPb5E7w-61RXeJtnQY2WsgxmdYkSzg_rYJ1kAVfkZjW2l1KNP9uYpIewUMPnayiZ-RT1vDYCIcjnqbBOGrfStGASTg-2tFaWN8xI7eQ'
Run the following authorisation URL in a browser to prompt the invocation of the authorize API. Make sure you update the placeholders with the relevant values:
Subscriber role.
Upon agreement, the consumer is redirected to the callback URL of the ADR with the authorization code. For example:
https://www.google.com/redirects/redirect1#code=2c8a03f7-af33-326f-839a-63a4eebfe3f5&id_token=eyJraWQiOiJEd01LZFdNbWo3UFdpbnZvcWZReVhWenlaNlEiLCJlbmMiOiJBMTI4R0NNIiwiYWxnIjoiUlNBMV81In0.KaRhQA63F2Sm72zSZrkoRucIiz4IC0pzqApjTzSOJSyV_J6fYBwHuIAjLn4MZA36ZfVCmm3-KzqJcGAv9W9sDWBi7aI80CVKLFVJ2rh9l_9bMnANjm5fCsZ-pE_F4eW5BnqiU7xOoel31W2WF2brEWf9l5dibILU5E7inYKkQ9qPCS3Ei7uo9LTYQMWR4RQSglAsb5TsnijOPtGBvQgyuwOeI9vWBIcm7Y64NXuWKiv1iManbTepggpKhCSj9qPPizVV4v7Vv1IgHbvViRCE0uIvomLsL9qTxkBVK2s_h3welM9-9CE0WvoGkbYgsDc3nBQEx7Vj4hBiYJ0nD2_dWw.zslxDgOETvBaMOTQ.XAPYdrt5HXhvF53llXp40YkRHWBSrosYDc0UVLnqwJkAcNs3CQo8vWKSNqfc8l6CezvFPinul4LEp-eRrOqrpnhzAMf-W4O-s0jjF0dPsa3NII_qdi5bmCQhwxTVzo31SBiKn1aCBu8lQXSLUAz7z3UF6JyH1OkCXU3Ld8puF45QTRoTRPru8oNy8W8ZbchDj11IhEzrT9RPmWznCDQ3rs8M16R636-TuULXdSqJUGtXB3wteXu8lcgGpIMno1T6Bq2rI8Ncg_rCe6RgepAlEjlC0J0hpgMOk-EiXFDXN5N0NfEo6VSv9-M1v5THSJBThZIlcZrL-njz4G2NiDa30PSrQFqLgusYpZNpL1bHGsUbz_Xqvwlpjq-A5TcrqjxwWHkK383pY-tE064FKQuk93HnOee1gp4iRc9GLiqOK4vawSKStaSWe1oWxeFkDDuY85H3rFL1U8JzAC-vbPpozju82q7mONQto0q1fnCa80jtl5rDVsxzXLkEDbfwrvE-_13MKTLGc9io-PbEy6UgD9bAz5qvoOtNLWh0rcAbT5yhnZnruecB9l3yBsnbo60HQC_83mMzPWjGQaTm-ujO-hockrUSkezEO2JhNKrMWI5V-2aBNin_0UcSShMQnFy4P9baFKcyvrt2r3LNOvqfl_mK9qh57AOQw4vjhJRRaPVVacB8h5WCoiq8ut8wnHq3L2MvF9HId9T0Ug9FaPP76ofLziM.u19pyEql02PpVrFrki3RWA&state=af0ifjsldkj&session_state=c57cc0825bf8838fd2b6f14597ed34b5d9404493b216092e9daa766749cdac40.-1D9AEiTjPN-3hzlRFN97Q
code=4489572f-83c9-3589-b403-c4ecf8fb77f4).
Once you authorise the consent, follow the instructions given in Consumer Data Standards API v1.3.0 to try out the API.
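The request_uri handling described on this page, modelled as an added example (not WSO2 code): a PAR store issues a reference using the 60-second expiry and the abc-bank holder identifier from the sample configuration, then resolves it for the authorisation endpoint. The class names, the URN layout, and the single-use and client-binding checks are assumptions based on RFC 9126, not taken from the page.

```python
import secrets
import time

# Assumptions: the URN prefix follows RFC 9126; how WSO2 places the holder
# identifier inside the reference is not shown on the page, so this layout is illustrative.
URN_PREFIX = "urn:ietf:params:oauth:request_uri:"
HOLDER_IDENTIFIER = "abc-bank"  # holder_identifier from the sample configuration
EXPIRY_SECONDS = 60             # expiry_time default from the sample configuration


class RequestUriError(Exception):
    """Raised when a request_uri cannot be resolved."""


class PushedRequestStore:
    """Hypothetical in-memory model of the server-side PAR reference store."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._entries = {}  # request_uri -> (client_id, request_object, expires_at)

    def push(self, client_id, request_object):
        """PAR endpoint: keep the signed request object, return only a reference."""
        ref = secrets.token_urlsafe(32)  # unguessable, carries no authorisation details
        request_uri = f"{URN_PREFIX}{HOLDER_IDENTIFIER}:{ref}"
        expires_at = self._clock() + EXPIRY_SECONDS
        self._entries[request_uri] = (client_id, request_object, expires_at)
        return {"request_uri": request_uri, "expires_in": EXPIRY_SECONDS}

    def resolve(self, client_id, request_uri):
        """Authorisation endpoint: exchange the reference for the stored details."""
        # pop() consumes the reference, so a replayed authorisation URL is rejected.
        entry = self._entries.pop(request_uri, None)
        if entry is None:
            raise RequestUriError("unknown or already used request_uri")
        owner, request_object, expires_at = entry
        if owner != client_id:
            raise RequestUriError("request_uri was issued to another client")
        if self._clock() >= expires_at:
            raise RequestUriError("request_uri expired")
        return request_object
```
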