Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add signature headers to AS endpoints #209

Open
wilsonianb opened this issue Nov 7, 2022 · 1 comment
Open

Add signature headers to AS endpoints #209

wilsonianb opened this issue Nov 7, 2022 · 1 comment
Labels
type: specification Changes to the specification

Comments

@wilsonianb
Copy link
Contributor

Move signature header parameters to shared schemas.yaml

signature:
name: Signature
in: header
schema:
type: string
example: 'Signature: sig1=:EWJgAONk3D6542Scj8g51rYeMHw96cH2XiCMxcyL511wyemGcw==:'
description: 'The signature generated based on the Signature-Input, using the signing algorithm specified in the "alg" field of the JWK.'
required: true
signature-input:
name: Signature-Input
in: header
schema:
type: string
example: 'Signature-Input: sig1=("@method" "@target-uri" "content-digest" "content-length" "content-type");created=1618884473;keyid="gnap-rsa"'
description: 'The Signature-Input field is a Dictionary structured field containing the metadata for one or more message signatures generated from components within the HTTP message. Each member describes a single message signature. The member''s key is the label that uniquely identifies the message signature within the context of the HTTP message. The member''s value is the serialization of the covered components Inner List plus all signature metadata parameters identified by the label. The following components MUST be included: - "@method" - "@target-uri" - "authorization" When the message contains a request body, the covered components MUST also include the following: - "content-digest" The keyid parameter of the signature MUST be set to the kid value of the JWK. See [ietf-httpbis-message-signatures](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-message-signatures#section-4.1) for more details.'
required: true

Include header parameter in relevant grant request(s)
parameters:
- $ref: '#/components/parameters/signature-input'
- $ref: '#/components/parameters/signature'

/:
post:
summary: Grant Request

@njlie
Copy link
Contributor

njlie commented Nov 17, 2022

Would it also make sense to include adding 401 responses to the AS endpoints for invalid signatures to the scope of this issue?

@mkurapov mkurapov moved this to Backlog in Open Payments Jun 28, 2023
@mkurapov mkurapov added the type: specification Changes to the specification label Oct 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
type: specification Changes to the specification
Projects
Status: Backlog
Development

No branches or pull requests

3 participants