|
23 | 23 | ], |
24 | 24 | "properties": { |
25 | 25 | "aud": { |
26 | | - "$id": "#/properties/aud", |
27 | 26 | "title": "The audiences for the token", |
28 | 27 | "description": "The value should be or include the API Provider Issuer Identifier URL", |
29 | 28 | "oneOf": [ |
|
34 | 33 | }, |
35 | 34 | { |
36 | 35 | "type": "array", |
37 | | - "$id": "#/properties/aud/items", |
38 | 36 | "items": { |
39 | 37 | "type": "string", |
40 | 38 | "pattern": "^(.+)$" |
|
44 | 42 | ] |
45 | 43 | }, |
46 | 44 | "iat":{ |
47 | | - "$id": "#/properties/iat", |
48 | 45 | "type": "integer", |
49 | 46 | "description": "Time on which the Request Object was issued. May be used for determining age", |
50 | 47 | "examples": [1496397168] |
51 | 48 | }, |
52 | 49 | "exp": { |
53 | | - "$id": "#/properties/exp", |
54 | 50 | "type": "integer", |
55 | 51 | "description": "Expiration time on or after which the Request Object MUST NOT be accepted for processing.", |
56 | 52 | "examples": [1496397168] |
57 | 53 | }, |
58 | 54 | "nbf": { |
59 | | - "$id": "#/properties/nbf", |
60 | 55 | "type": "integer", |
61 | 56 | "description": "Time before which the Request Object MUST NOT be accepted for processing.", |
62 | 57 | "examples": [1496397168] |
63 | 58 | }, |
64 | 59 | "iss": { |
65 | | - "$id": "#/properties/iss", |
66 | 60 | "type": "string", |
67 | 61 | "title": "The Issuer of the token", |
68 | 62 | "description": "The value should be the client ID of the third party, unless signed by a different party", |
|
71 | 65 | "pattern": "^(.+)$" |
72 | 66 | }, |
73 | 67 | "jti": { |
74 | | - "$id": "#/properties/jti", |
75 | 68 | "type": "string", |
76 | 69 | "title": "The unique identifier of the token", |
77 | 70 | "description": "Used for determining token uniqueness. The value should be have sufficient entropy to make likelihood of collisions negligible.", |
78 | 71 | "examples": ["d92f1393-752e-49c2-8ce3-90abc6b29655"] |
79 | 72 | }, |
80 | 73 | "response_type": { |
81 | | - "$id": "#/properties/response_type", |
82 | 74 | "type": "string", |
83 | 75 | "title": "The type of the response token", |
84 | 76 | "default": "code", |
85 | 77 | "examples": ["code"], |
86 | 78 | "enum": ["code"] |
87 | 79 | }, |
88 | 80 | "response_mode": { |
89 | | - "$id": "#/properties/response_mode", |
90 | 81 | "type": "string", |
91 | 82 | "title": "The mode used to deliver the response token", |
92 | 83 | "default": "jwt", |
93 | 84 | "examples": ["jwt"], |
94 | 85 | "enum": ["jwt"] |
95 | 86 | }, |
96 | 87 | "client_id": { |
97 | | - "$id": "#/properties/client_id", |
98 | 88 | "type": "string", |
99 | 89 | "title": "The ID of the third-party client", |
100 | 90 | "default": "", |
101 | 91 | "examples": ["s6BhdRkqt3"], |
102 | 92 | "pattern": "^(.+)$" |
103 | 93 | }, |
104 | 94 | "redirect_uri": { |
105 | | - "$id": "#/properties/redirect_uri", |
106 | 95 | "type": "string", |
107 | 96 | "title": "The URI to which to redirect the customer User Agent after authorization", |
108 | 97 | "default": "", |
109 | 98 | "examples": ["https://api.mytpp.com/cb"], |
110 | 99 | "format": "uri" |
111 | 100 | }, |
112 | 101 | "code_challenge": { |
113 | | - "$id": "#/properties/code_challenge", |
114 | 102 | "type": "string", |
115 | 103 | "title": "The PKCE code challenge value", |
116 | 104 | "examples": ["roXsvRC1K-5WAYWLWsqQJpXTR8NznFgysjjqKhqhSO4"], |
117 | 105 | "pattern": "^[a-zA-Z0-9\\-_]*$" |
118 | 106 | }, |
119 | 107 | "code_challenge_method": { |
120 | | - "$id": "#/properties/code_challenge_method", |
121 | 108 | "type": "string", |
122 | 109 | "title": "The mode used to deliver the response token", |
123 | 110 | "examples": ["S256"], |
124 | 111 | "default": "S256", |
125 | 112 | "enum": ["S256"] |
126 | 113 | }, |
127 | 114 | "scope": { |
128 | | - "$id": "#/properties/scope", |
129 | 115 | "type": "string", |
130 | 116 | "title": "The OAuth scopes requested", |
131 | 117 | "description": "Must include 'openid' and any other scopes required", |
|
134 | 120 | "pattern": "^openid([ ].*)*$" |
135 | 121 | }, |
136 | 122 | "state": { |
137 | | - "$id": "#/properties/state", |
138 | 123 | "type": "string", |
139 | 124 | "title": "The third-party specific state", |
140 | 125 | "description": "Opaque to API provider", |
|
143 | 128 | "pattern": "^(.+)$" |
144 | 129 | }, |
145 | 130 | "nonce": { |
146 | | - "$id": "#/properties/nonce", |
147 | 131 | "type": "string", |
148 | 132 | "title": "Third party nonce to avoid replay", |
149 | 133 | "default": "", |
150 | 134 | "examples": ["n-0S6_WzA2Mj"], |
151 | 135 | "pattern": "^(.+)$" |
152 | 136 | }, |
153 | 137 | "max_age": { |
154 | | - "$id": "#/properties/max_age", |
155 | 138 | "type": "integer", |
156 | 139 | "title": "Third-party specified maximum authentication age", |
157 | 140 | "default": 0, |
158 | 141 | "examples": [86400] |
159 | 142 | }, |
160 | 143 | "display": { |
161 | | - "$id": "#/properties/display", |
162 | 144 | "type": "string", |
163 | 145 | "title": "Specify how to display authentication and consent to customer", |
164 | 146 | "enum": ["page", "popup", "touch", "wap"] |
165 | 147 | }, |
166 | 148 | "prompt": { |
167 | | - "$id": "#/properties/prompt", |
168 | 149 | "type": "string", |
169 | 150 | "title": "Specify whether the authorisation server should prompt for authentication and consent to customer", |
170 | 151 | "examples": ["none", "login consent", "consent", "select_account"] |
171 | 152 | }, |
172 | 153 | "ui_locales": { |
173 | | - "$id": "#/properties/ui_locales", |
174 | 154 | "type": "string", |
175 | 155 | "title": "Specify preferred languages to display authentication and consent to customer", |
176 | 156 | "examples": ["en-nz", "mi", "en-nz mi"] |
177 | 157 | }, |
178 | 158 | "id_token_hint": { |
179 | | - "$id": "#/properties/id_token_hint", |
180 | 159 | "type": "string", |
181 | 160 | "description": "An ID token that was previously issued to the third party being replayed as a hint to the user identity" |
182 | 161 | }, |
183 | 162 | "claims_locales":{ |
184 | | - "$id": "#/properties/claims_locales", |
185 | 163 | "type": "string", |
186 | 164 | "title": "Specify preferred languages to return claims to third party", |
187 | 165 | "examples": ["en-nz", "mi", "en-nz mi"] |
188 | 166 | }, |
189 | 167 | "claims": { |
190 | | - "$id": "#/properties/claims", |
191 | 168 | "type": "object", |
192 | 169 | "title": "Claims object that holds the id_token request", |
193 | 170 | "additionalProperties": true, |
194 | 171 | "required": ["id_token"], |
195 | 172 | "properties": { |
196 | 173 | "id_token": { |
197 | | - "$id": "#/properties/claims/properties/id_token", |
198 | 174 | "type": "object", |
199 | 175 | "title": "The ID token request claims", |
200 | 176 | "additionalProperties": true, |
201 | 177 | "required": ["ConsentId"], |
202 | 178 | "properties": { |
203 | 179 | "ConsentId": { |
204 | | - "$id": "#/properties/claims/properties/id_token/properties/ConsentId", |
205 | 180 | "type": "object", |
206 | 181 | "title": "The Consent ID object", |
207 | 182 | "additionalProperties": false, |
208 | 183 | "required": ["value", "essential"], |
209 | 184 | "properties": { |
210 | 185 | "value": { |
211 | | - "$id": "#/properties/claims/properties/id_token/properties/ConsentId/properties/value", |
212 | 186 | "type": "string", |
213 | 187 | "title": "The value of Consent ID", |
214 | 188 | "default": "", |
215 | 189 | "examples": ["urn-alphabank-intent-58923"], |
216 | 190 | "pattern": "^(.+)$" |
217 | 191 | }, |
218 | 192 | "essential": { |
219 | | - "$id": "#/properties/claims/properties/id_token/properties/ConsentId/properties/essential", |
220 | 193 | "type": "boolean", |
221 | 194 | "title": "Essential claim identifier", |
222 | 195 | "default": false, |
|
0 commit comments