Dynamic Client Registration API

(1 review)

home

Introduction

This specification defines the mechanism by which a Primary Technical Contact (PTC) for a Third Party Provider (TPP) may submit a Software Statement Assertion (SSA) to Bank of Ireland for the purpose of receiving the details of the client enabling access to BOI APIs on behalf of BOI Customer. This automated mechanism is compliant with Open Banking's Dynamic Client Registration specification v3.0

Software Statement Assertion (SSA)

The SSA is a JSON Web Token (JWT) containing client metadata about an instance of TPP client software. The JWT must be issued and signed by Open Banking for Production. For our Sandbox a TPP can use an unsigned SSA.

SSA Payload

The payload of an SSA MUST be a compliant software statement according to [RFC7591]. The SSA MUST also be a compliant JWT according to [RFC7519]. The table below describes the metadata profiles.

MetadataDescriptionSource Specification
software_idUnique Identifier for TPP Client Software[RFC7591]
issSSA Issuer[RFC7519]
iatTime SSA is issued[RFC7519]
jtiJWT ID[RFC7519]

The following software metadata is additionally defined for this profile:

MetadataDescription
software_client_idThe client ID registered at OB used to access OB resources for non-OB SSA, client id is used as an input by BOI to generate the unique client_id for a TPP.
software_client_descriptionHuman-readable detailed description of the client
software_client_nameHuman-readable Software Name
software_client_uriThe website or resource root uri
software_versionThe version number of the software should a TPP choose to register and / or maintain it
software_environmentRequested additional field to avoid certificate check
software_jwks_endpointContains all active signing and network certificates for the software
software_jwks_revoked_endpointContains all revoked signing and network certificates for the software
software_logo_uriLink to the TPP logo. Note, ASPSPs are not obliged to display images hosted by third parties
software_modeASPSP requested additional field to indicate that this software is "Test" or "Live" the default is "Live". Impact and support for "Test" software is up to the ASPSP.
software_on_behalf_of_orgA reference to fourth party organsiation resource on the OB Directory if the registering TPP is acting on behalf of another.
software_on_behalf_of_org_typeThe type of organisation that this software has a relationship with. Regulated on OB Directory, not regulated, regulated not on OB Directory
software_policy_uriA link to the software's policy page
software_redirect_urisRegistered client callback endpoints as registered with Open Banking
software_rolesA multi value list of PSD2 roles that this software is authorized to perform.
software_tos_uriA link to the software's terms of service page

The following organisational metadata is defined for this profile:

MetadataDescription
organisation_competent_authority_claimsAuthorisations granted to the organisation by an NCA
org_statusIncluded to cater for voluntary withdrawal from OB scenarios default values: Active, Revoked or Withdrawn
org_idThe unique TPP or ASPSP ID held by Open Banking. In Sandbox, for non-OB SSA this field should contain the NCA ID as per the eIDAS certificate.
org_nameLegal entity identifier or other known organisation name
org_contactsJSON array of objects containing a triplet of name, email, and phone number
org_jwks_endpointContains all active signing and network certificates for the organisation
org_jwks_revoked_endpointContains all revoked signing and network certificates for the organisation
ob_registry_tosA link to the OB registries terms of service page
SSA Header

The SSA header MUST comply with [RFC7519].

MetadataDescription
typMUST be set to JWT
algMUST be set to PS256. For Sandbox, non-OB SSA this field should be set to "NONE".
kidThe kid will be kept the same as the "x5t" parameter. (X.509 Certificate SHA-1 Thumbprint) of the signing certificate.
OB SSA Example

The elements defined in the software statement will consist of the following values.

HEADER:ALGORITHM & TOKEN TYPE

{
  "alg": "PS256",
  "kid": "j_OPXe8tchWuhQ3gVN-SOOOTyDY",
  "typ": "JWT"
}

PAYLOAD:DATA

{
  "iat": 1537249394,
  "iss": "OpenBanking Ltd",
  "jti": "3SjuymQ2BSNmSFljZIV32H",
  "ob_registry_tos": "https://registry.openbankingtest.org.uk/tos.html",
  "org_contacts": [
    {
      "email": "OBTechnicalQueries@BOI.COM",
      "name": "Technical",
      "phone": "0860681762",
      "type": "Technical"
    },
    {
      "email": "OBBusinessQueries@BOI.COM",
      "name": "Business",
      "phone": "07584 214830",
      "type": "Business"
    }
  ],
  "org_id": "0015800000jfQ9aAAE",
  "org_jwks_endpoint": "https://keystore.openbankingtest.org.uk/0015800000jfQ9aAAE/0015800000jfQ9aAAE.jwks",
  "org_jwks_revoked_endpoint": "https://keystore.openbankingtest.org.uk/0015800000jfQ9aAAE/revoked/0015800000jfQ9aAAE.jwks",
  "org_name": "Bank of Ireland (UK) Plc",
  "org_status": "Active",
  "organisation_competent_authority_claims": {
    "authorisations": [
      {
        "member_state": "GB",
        "roles": [
          "AISP",
          "PISP"
        ]
      }
    ],
    "authority_id": "FCAGBR",
    "registration_id": "512956",
    "status": "Active"
  },
  "software_client_description": "CMA2_DeV_18_9",
  "software_client_id": "53ZcZkjLM1sXLOAHkwG6DB",
  "software_client_name": "CMA2_DeV_18_9",
  "software_client_uri": "https://www.getpostman.com/oauth2/callback",
  "software_environment": "sandbox",
  "software_id": "53ZcZkjLM1sXLOAHkwG6DB",
  "software_jwks_endpoint": "https://keystore.openbankingtest.org.uk/0015800000jfQ9aAAE/53ZcZkjLM1sXLOAHkwG6DB.jwks",
  "software_jwks_revoked_endpoint": "https://keystore.openbankingtest.org.uk/0015800000jfQ9aAAE/revoked/53ZcZkjLM1sXLOAHkwG6DB.jwks",
  "software_logo_uri": "https://www.getpostman.com/oauth2/callback",
  "software_mode": "Live",
  "software_on_behalf_of_org": "CG",
  "software_policy_uri": "https://www.getpostman.com/oauth2/callback",
  "software_redirect_uris": [
    "https://www.getpostman.com/oauth2/callback"
  ],
  "software_roles": [
    "AISP",
    "PISP"
  ],
  "software_tos_uri": "https://www.getpostman.com/oauth2/callback",
  "software_version": 1.1
}
NON-OB SSA Example

The elements defined in the software statement will consist of the following values.


HEADER:ALGORITHM & TOKEN TYPE

{
  "alg": "NONE"
}

PAYLOAD:DATA

{
  "iss": "PSDIE-CBI-123456",
  "software_client_description": "Non OB SSA Client",
  "software_id": "1OEwYAKNONOBSSAClient",
  "software_roles": [
    "AISP",
    "PISP",
    "CBPII"
  ],
  "exp": 1590776620,
  "iat": 1550774820,
  "jti": "51a15308-3193-4702-a1e0-5bc421e0d88a",
  "software_client_name": "NON_OB_SSA_CLIENT",
  "software_client_id": "1OEwYAKNONOBSSAClient",
  "software_redirect_uris": [
    "https://google.com"
  ],
  "org_id": "PSDIE-CBI-123456",
  "org_name": "Test TPP for Non OB SSA",
  "organisation_competent_authority_claims": {
    "authorisations": [
      {
        "roles": [
          "AISP",
          "PISP",
          "CBPII"
        ]
      }
    ]
  }
}
Client Registration Endpoint

BOI supports automated client registration endpoint protected by mutually authenticated transport-layer security using certificates chaining to the Open Banking certificate authority.

Client Registration Request

To register as a client at BOI, the TPP sends an HTTP POST to the registration endpoint. The request MUST be presented in the format of a [RFC7519] compliant JWT. The request MUST use the HTTP POST method, using the application/jwt method. The JWT MUST be signed using algorithms specified in Open Banking documentation.

Header Claims

MetadataDescription
typMUST be set to JWT
algMUST be set to PS256.
kidThe kid will be kept the same as the "x5t" parameter. (X.509 Certificate SHA-1 Thumbprint) of the signing certificate.
x5cPublic certificate of the QSealC. Only to be populated when non-OB SSA is used in request claims.

Request Claims

ClaimDescriptionSource SpecificationOptionalComments
issRequest Issuer (The TPP)[RFC7519]NO 
iatTime of issuance of request[RFC7519]NO 
expRequest expiration time[RFC7519]NO 
audRequest audience (The ASPSP)[RFC7519]NO 
jtiJWT ID[RFC7519]NO 
redirect_urisRegistered URIs the TPP will use to interact with BOI[OIDC-R]NOMUST match or be a subset of the software_redirect_uris claim in the SSA
token_endpoint_auth_methodSpecifies which token endpoint authentication method the TPP wants to use[RFC7591]NO 
tls_client_auth_dnSubject DN of the transport certificate that the TPP will present to the ASPSP token endpoint[RFC7591]NO 
grant_typesA JSON array specifying what the TPP can request to be supplied to the token endpoint as exchange for an access token[RFC7591]NO 
response_typesA JSON array specifying what the TPP can request to be returned from the ASPSP authorisation endpoint.[RFC7591]YES 
software_idThe software_id in the request MUST match the software_id specified in the SSA[RFC7591]YES 
scopescopes the client is asking for (if not specified, default scopes are assigned by the AS)[RFC7591]YESMinimum scope should be openid + whatever scopes are appropriate for the softwares PSD2 Role.
software_statementSSA issued by Open Banking identifier or non-OB SSA generated by TPP[RFC7519]NO 
application_typeWeb or Mobile[OIDC-R]NOMUST be web if specified.
id_token_signed_response_algAlgorithm which the TPP expects to sign the id_token, if an id_token is returned.[OIDC-R]NO 
request_object_signing_algAlgorithm which the TPP expects to sign the request object if a request object will be part of the authorization request sent to the ASPSP.[OIDC-R]NO

Example Dynamic Client Registration Request

curl -X POST \

  https://api-sandbox.bankofireland.com/1/api/open-banking/v1.2/register \

  -H 'Cache-Control: no-cache' \

  -H 'Content-Type: application/jwt' \

  -H 'Postman-Token: 4d718d91-6005-459e-903c-7053ea06aa87' \

  -d eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjZwSXp3bDBILWF6X2g5Y0VPejQ4UXdfT0tuOCJ9.eyJncmFudF90eXBlcyI6WyJhdXRob3JpemF0aW9uX2NvZGUiLCJyZWZyZXNoX3Rva2VuIiwiY2xpZW50X2NyZWRlbnRpYWxzIl0sImFwcGxpY2F0aW9uX3R5cGUiOiJXRUIiLCJpc3MiOiIxT0V3WUFLSWdNdGVmdk9LZlNFZEFTIiwicmVkaXJlY3RfdXJpcyI6WyJodHRwczovL3d3dy5nZXRwb3N0bWFuLmNvbS9vYXV0aDIvY2FsbGJhY2siXSwidG9rZW5fZW5kcG9pbnRfYXV0aF9tZXRob2QiOiJ0bHNfY2xpZW50X2F1dGgiLCJ0bHNfY2xpZW50X2F1dGhfZG4iOiJDTj0xT0V3WUFLSWdNdGVmdk9LZlNFZEFTLCBPVT0wMDE1ODAwMDAwamZROWFBQUUsIE89T3BlbkJhbmtpbmcsIEM9R0IiLCJzb2Z0d2FyZV9pZCI6IjFPRXdZQUtJZ010ZWZ2T0tmU0VkQVMiLCJzb2Z0d2FyZV9zdGF0ZW1lbnQiOiJleUpoYkdjaU9pSlNVekkxTmlJc0ltdHBaQ0k2SW1SVE0waEZlbk41VmtwUFRIcFJWa2hKVld0UFNrVXlTWEZyYlRONVNHSTBRbGxmVUdKQ1JWUlhhbGs5SWl3aWRIbHdJam9pU2xkVUluMC5leUpwWVhRaU9qRTFORFEzTnpNNE1EQXNJbWx6Y3lJNklrOXdaVzVDWVc1cmFXNW5JRXgwWkNJc0ltcDBhU0k2SWpJelNteEhSVEZwTjAxTlprcEZkWFY0ZDBsNVJHb2lMQ0p2Y21kZlkyOXVkR0ZqZEhNaU9sdDdJbVZ0WVdsc0lqb2lUMEpDZFhOcGJtVnpjMUYxWlhKcFpYTkFRazlKTGtOUFRTSXNJbTVoYldVaU9pSkNkWE5wYm1WemN5SXNJbkJvYjI1bElqb2lNRGMxT0RRZ01qRTBPRE13SWl3aWRIbHdaU0k2SWtKMWMybHVaWE56SW4wc2V5SmxiV0ZwYkNJNklrOUNWR1ZqYUc1cFkyRnNVWFZsY21sbGMwQkNUMGt1UTA5Tklpd2libUZ0WlNJNklsUmxZMmh1YVdOaGJDSXNJbkJvYjI1bElqb2lNRGcyTURZNE1UYzJNaUlzSW5SNWNHVWlPaUpVWldOb2JtbGpZV3dpZlYwc0ltOXlaMTlwWkNJNklqQXdNVFU0TURBd01EQnFabEU1WVVGQlJTSXNJbTl5WjE5cWQydHpYMlZ1WkhCdmFXNTBJam9pYUhSMGNITTZMeTlyWlhsemRHOXlaUzV2Y0dWdVltRnVhMmx1WjNSbGMzUXViM0puTG5Wckx6QXdNVFU0TURBd01EQnFabEU1WVVGQlJTOHdNREUxT0RBd01EQXdhbVpST1dGQlFVVXVhbmRyY3lJc0ltOXlaMTlxZDJ0elgzSmxkbTlyWldSZlpXNWtjRzlwYm5RaU9pSm9kSFJ3Y3pvdkwydGxlWE4wYjNKbExtOXdaVzVpWVc1cmFXNW5kR1Z6ZEM1dmNtY3VkV3N2TURBeE5UZ3dNREF3TUdwbVVUbGhRVUZGTDNKbGRtOXJaV1F2TURBeE5UZ3dNREF3TUdwbVVUbGhRVUZGTG1wM2EzTWlMQ0p2Y21kZmJtRnRaU0k2SWtKaGJtc2diMllnU1hKbGJHRnVaQ0FvVlVzcElGQnNZeUlzSW05eVoxOXpkR0YwZFhNaU9pSkJZM1JwZG1VaUxDSnZjbWRoYm1sellYUnBiMjVmWTI5dGNHVjBaVzUwWDJGMWRHaHZjbWwwZVY5amJHRnBiWE1pT25zaVlYVjBhRzl5YVhOaGRHbHZibk1pT2x0N0ltMWxiV0psY2w5emRHRjBaU0k2SWtkQ0lpd2ljbTlzWlhNaU9sc2lRVWxUVUNJc0lsQkpVMUFpWFgwc2V5SnRaVzFpWlhKZmMzUmhkR1VpT2lKSlJTSXNJbkp2YkdWeklqcGJJa0ZKVTFBaUxDSlFTVk5RSWwxOUxIc2liV1Z0WW1WeVgzTjBZWFJsSWpvaVRrd2lMQ0p5YjJ4bGN5STZXeUpCU1ZOUUlpd2lVRWxUVUNKZGZWMHNJbUYxZEdodmNtbDBlVjlwWkNJNklrWkRRVWRDVWlJc0luSmxaMmx6ZEhKaGRHbHZibDlwWkNJNklqVXhNamsxTmlJc0luTjBZWFIxY3lJNklrRmpkR2wyWlNKOUxDSnpiMlowZDJGeVpWOWpiR2xsYm5SZlpHVnpZM0pwY0hScGIyNGlPaUpFUTFKZlUyRnVaR0p2ZUY4eE1qRTBYekF4SWl3aWMyOW1kSGRoY21WZlkyeHBaVzUwWDJsa0lqb2lNVTlGZDFsQlMwbG5UWFJsWm5aUFMyWlRSV1JCVXlJc0luTnZablIzWVhKbFgyTnNhV1Z1ZEY5dVlXMWxJam9pUkVOU1gxTmhibVJpYjNoZk1USXhORjh3TVNJc0luTnZablIzWVhKbFgyTnNhV1Z1ZEY5MWNta2lPaUpvZEhSd2N6b3ZMM2QzZHk1blpYUndiM04wYldGdUxtTnZiUzl2WVhWMGFESXZZMkZzYkdKaFkyc2lMQ0p6YjJaMGQyRnlaVjlsYm5acGNtOXViV1Z1ZENJNkluTmhibVJpYjNnaUxDSnpiMlowZDJGeVpWOXBaQ0k2SWpGUFJYZFpRVXRKWjAxMFpXWjJUMHRtVTBWa1FWTWlMQ0p6YjJaMGQyRnlaVjlxZDJ0elgyVnVaSEJ2YVc1MElqb2lhSFIwY0hNNkx5OXJaWGx6ZEc5eVpTNXZjR1Z1WW1GdWEybHVaM1JsYzNRdWIzSm5MblZyTHpBd01UVTRNREF3TURCcVpsRTVZVUZCUlM4eFQwVjNXVUZMU1dkTmRHVm1kazlMWmxORlpFRlRMbXAzYTNNaUxDSnpiMlowZDJGeVpWOXFkMnR6WDNKbGRtOXJaV1JmWlc1a2NHOXBiblFpT2lKb2RIUndjem92TDJ0bGVYTjBiM0psTG05d1pXNWlZVzVyYVc1bmRHVnpkQzV2Y21jdWRXc3ZNREF4TlRnd01EQXdNR3BtVVRsaFFVRkZMM0psZG05clpXUXZNVTlGZDFsQlMwbG5UWFJsWm5aUFMyWlRSV1JCVXk1cWQydHpJaXdpYzI5bWRIZGhjbVZmYkc5bmIxOTFjbWtpT2lKb2RIUndjem92TDNkM2R5NW5aWFJ3YjNOMGJXRnVMbU52YlM5dllYVjBhREl2WTJGc2JHSmhZMnNpTENKemIyWjBkMkZ5WlY5dGIyUmxJam9pVEdsMlpTSXNJbk52Wm5SM1lYSmxYMjl1WDJKbGFHRnNabDl2Wmw5dmNtY2lPaUlpTENKemIyWjBkMkZ5WlY5d2IyeHBZM2xmZFhKcElqb2lhSFIwY0hNNkx5OTNkM2N1WjJWMGNHOXpkRzFoYmk1amIyMHZiMkYxZEdneUwyTmhiR3hpWVdOcklpd2ljMjltZEhkaGNtVmZjbVZrYVhKbFkzUmZkWEpwY3lJNld5Sm9kSFJ3Y3pvdkwzZDNkeTVuWlhSd2IzTjBiV0Z1TG1OdmJTOXZZWFYwYURJdlkyRnNiR0poWTJzaVhTd2ljMjltZEhkaGNtVmZjbTlzWlhNaU9sc2lRVWxUVUNJc0lsQkpVMUFpWFN3aWMyOW1kSGRoY21WZmRHOXpYM1Z5YVNJNkltaDBkSEJ6T2k4dmQzZDNMbWRsZEhCdmMzUnRZVzR1WTI5dEwyOWhkWFJvTWk5allXeHNZbUZqYXlJc0luTnZablIzWVhKbFgzWmxjbk5wYjI0aU9qRXVNWDAuVzJ3Z3RvY1p4UXhwM2lhSnF6RFpaM2Raa2R2TEVKcEZxZmw4ZHJtbzRRVXFfVi1mc1Vjenh6c084d3dQYUFFQ0JNVzBvelh3U0t1NG5IODhVYUNIVFI4NE5VdWh5RHcxNFRvT3dSelU0TVVTaVZlRWdqZ0FtamUwQlRmZXM3ZDJaQ19IUmJjTHFzYWh1MWEyQzctdFh4Vk0wS2Nudk9yYkZlbllydV9IazY2blFWd2RZTkxNbXdXaVBnNjN0VFM4dkVITkh2ZDYzcnVpXzNTbEJPMlZ3VFFzS01YYnhpWEVrMWo2QUdRUzRENEYtTV9HS05KLVVabnFxSk1RbW5XQjBleXJraFl6dFE0U01VOG9fenJvWDFxRVhlQ1JhQ3BELW9LXy16eTBjYW4tNzBGcGEwLXB4bWMtQVBzaUtZQkt3VEwtTERhTEVtVDhjZ0VkX0RscndnIiwiYXVkIjoiaHR0cHM6Ly9hdXRoLXNhbmRib3guYXBpYm9pdGVzdC5jb20iLCJzY29wZSI6Im9wZW5pZCBhY2NvdW50cyBwYXltZW50cyIsInJlcXVlc3Rfb2JqZWN0X3NpZ25pbmdfYWxnIjoiUlMyNTYiLCJleHAiOjE1OTkzNTc4NDMsImlhdCI6MTUxOTM1Nzg0MywianRpIjoiN2FhYzkxNjQtZWVhYy00N2Q2LTgwNDItOWEyNDYxMGE5ODRlIiwiaWRfdG9rZW5fc2lnbmVkX3Jlc3BvbnNlX2FsZyI6IlJTMjU2In0.EqDCfo53egwkdc1hDH1aUcLbp3rUPpkOvmqqOzOHun_IZ0D5PkgI80Ir9vKSxqDLBL0q6TKVh_P4lKd8zUtLuZF2HMPN1G3eeRLnRsccAZQQeEAekk9aTX9_GCgV2VnURMBFbThlgmSlX7-vB4GSJOdw1yuMR2pfdSfTp_S7Hs1BSg_60jd7ExvkOvSk9GzGyoUsz8-5RMKViXxFAdy3wkEon_t62VlJWmWiPWdNt1FYNeQrUGbTAUGs4Wd-eQjklBgaepJPfPcM957k_ZparyExrU-WCUIkpUaujJEu5EV4dzNQOgfP83w_x91d45r6jJBWTIQO6CyK4mzePlkGGQ

Example Decoded Dynamic Client Registration Request Body

HEADER: ALGORITHM & TOKEN TYPE


{
  "alg": "PS256",
  "typ": "JWT",
  "kid": "6pIzwl0H-az_h9cEOz48Qw_OKn8"
}

PAYLOAD: DATA

{
  "grant_types": [
    "authorization_code",
    "refresh_token",
    "client_credentials"
  ],
  "application_type": "web",
  "iss": "1OEwYAKIgMtefvOKfSEdAS",
  "redirect_uris": [
    "https://www.getpostman.com/oauth2/callback"
  ],
  "token_endpoint_auth_method": "tls_client_auth",
  "tls_client_auth_dn": "CN = tpp-test.com,OU = BOI PSD2 OU,2.5.4.97 = PSDIE-CBI-123456,O = BOI PSD2 Test Org,L = Dublin,C = IE",
  "software_id": "1OEwYAKIgMtefvOKfSEdAS",
  "software_statement": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImRTM0hFenN5VkpPTHpRVkhJVWtPSkUySXFrbTN5SGI0QllfUGJCRVRXalk9IiwidHlwIjoiSldUIn0.eyJpYXQiOjE1NDQ3NzM4MDAsImlzcyI6Ik9wZW5CYW5raW5nIEx0ZCIsImp0aSI6IjIzSmxHRTFpN01NZkpFdXV4d0l5RGoiLCJvcmdfY29udGFjdHMiOlt7ImVtYWlsIjoiT0JCdXNpbmVzc1F1ZXJpZXNAQk9JLkNPTSIsIm5hbWUiOiJCdXNpbmVzcyIsInBob25lIjoiMDc1ODQgMjE0ODMwIiwidHlwZSI6IkJ1c2luZXNzIn0seyJlbWFpbCI6Ik9CVGVjaG5pY2FsUXVlcmllc0BCT0kuQ09NIiwibmFtZSI6IlRlY2huaWNhbCIsInBob25lIjoiMDg2MDY4MTc2MiIsInR5cGUiOiJUZWNobmljYWwifV0sIm9yZ19pZCI6IjAwMTU4MDAwMDBqZlE5YUFBRSIsIm9yZ19qd2tzX2VuZHBvaW50IjoiaHR0cHM6Ly9rZXlzdG9yZS5vcGVuYmFua2luZ3Rlc3Qub3JnLnVrLzAwMTU4MDAwMDBqZlE5YUFBRS8wMDE1ODAwMDAwamZROWFBQUUuandrcyIsIm9yZ19qd2tzX3Jldm9rZWRfZW5kcG9pbnQiOiJodHRwczovL2tleXN0b3JlLm9wZW5iYW5raW5ndGVzdC5vcmcudWsvMDAxNTgwMDAwMGpmUTlhQUFFL3Jldm9rZWQvMDAxNTgwMDAwMGpmUTlhQUFFLmp3a3MiLCJvcmdfbmFtZSI6IkJhbmsgb2YgSXJlbGFuZCAoVUspIFBsYyIsIm9yZ19zdGF0dXMiOiJBY3RpdmUiLCJvcmdhbmlzYXRpb25fY29tcGV0ZW50X2F1dGhvcml0eV9jbGFpbXMiOnsiYXV0aG9yaXNhdGlvbnMiOlt7Im1lbWJlcl9zdGF0ZSI6IkdCIiwicm9sZXMiOlsiQUlTUCIsIlBJU1AiXX0seyJtZW1iZXJfc3RhdGUiOiJJRSIsInJvbGVzIjpbIkFJU1AiLCJQSVNQIl19LHsibWVtYmVyX3N0YXRlIjoiTkwiLCJyb2xlcyI6WyJBSVNQIiwiUElTUCJdfV0sImF1dGhvcml0eV9pZCI6IkZDQUdCUiIsInJlZ2lzdHJhdGlvbl9pZCI6IjUxMjk1NiIsInN0YXR1cyI6IkFjdGl2ZSJ9LCJzb2Z0d2FyZV9jbGllbnRfZGVzY3JpcHRpb24iOiJEQ1JfU2FuZGJveF8xMjE0XzAxIiwic29mdHdhcmVfY2xpZW50X2lkIjoiMU9Fd1lBS0lnTXRlZnZPS2ZTRWRBUyIsInNvZnR3YXJlX2NsaWVudF9uYW1lIjoiRENSX1NhbmRib3hfMTIxNF8wMSIsInNvZnR3YXJlX2NsaWVudF91cmkiOiJodHRwczovL3d3dy5nZXRwb3N0bWFuLmNvbS9vYXV0aDIvY2FsbGJhY2siLCJzb2Z0d2FyZV9lbnZpcm9ubWVudCI6InNhbmRib3giLCJzb2Z0d2FyZV9pZCI6IjFPRXdZQUtJZ010ZWZ2T0tmU0VkQVMiLCJzb2Z0d2FyZV9qd2tzX2VuZHBvaW50IjoiaHR0cHM6Ly9rZXlzdG9yZS5vcGVuYmFua2luZ3Rlc3Qub3JnLnVrLzAwMTU4MDAwMDBqZlE5YUFBRS8xT0V3WUFLSWdNdGVmdk9LZlNFZEFTLmp3a3MiLCJzb2Z0d2FyZV9qd2tzX3Jldm9rZWRfZW5kcG9pbnQiOiJodHRwczovL2tleXN0b3JlLm9wZW5iYW5raW5ndGVzdC5vcmcudWsvMDAxNTgwMDAwMGpmUTlhQUFFL3Jldm9rZWQvMU9Fd1lBS0lnTXRlZnZPS2ZTRWRBUy5qd2tzIiwic29mdHdhcmVfbG9nb191cmkiOiJodHRwczovL3d3dy5nZXRwb3N0bWFuLmNvbS9vYXV0aDIvY2FsbGJhY2siLCJzb2Z0d2FyZV9tb2RlIjoiTGl2ZSIsInNvZnR3YXJlX29uX2JlaGFsZl9vZl9vcmciOiIiLCJzb2Z0d2FyZV9wb2xpY3lfdXJpIjoiaHR0cHM6Ly93d3cuZ2V0cG9zdG1hbi5jb20vb2F1dGgyL2NhbGxiYWNrIiwic29mdHdhcmVfcmVkaXJlY3RfdXJpcyI6WyJodHRwczovL3d3dy5nZXRwb3N0bWFuLmNvbS9vYXV0aDIvY2FsbGJhY2siXSwic29mdHdhcmVfcm9sZXMiOlsiQUlTUCIsIlBJU1AiXSwic29mdHdhcmVfdG9zX3VyaSI6Imh0dHBzOi8vd3d3LmdldHBvc3RtYW4uY29tL29hdXRoMi9jYWxsYmFjayIsInNvZnR3YXJlX3ZlcnNpb24iOjEuMX0.W2wgtocZxQxp3iaJqzDZZ3dZkdvLEJpFqfl8drmo4QUq_V-fsUczxzsO8wwPaAECBMW0ozXwSKu4nH88UaCHTR84NUuhyDw14ToOwRzU4MUSiVeEgjgAmje0BTfes7d2ZC_HRbcLqsahu1a2C7-tXxVM0KcnvOrbFenYru_Hk66nQVwdYNLMmwWiPg63tTS8vEHNHvd63rui_3SlBO2VwTQsKMXbxiXEk1j6AGQS4D4F-M_GKNJ-UZnqqJMQmnWB0eyrkhYztQ4SMU8o_zroX1qEXeCRaCpD-oK_-zy0can-70Fpa0-pxmc-APsiKYBKwTL-LDaLEmT8cgEd_Dlrwg",
  "aud": "https://auth-sandbox.bankofireland.com",
  "scope": "openid accounts payments",
  "request_object_signing_alg": "PS256",
  "exp": 1599357843,
  "iat": 1519357843,
  "jti": "7aac9164-eeac-47d6-8042-9a24610a984e",
  "id_token_signed_response_alg": "PS256"
}

Dynamic Client Registration Response

Example Successful Client Registration Response

{

    "client_id": "1OEwYAKIgMtefvOKfSEdAS",

    "org_id": "0015800000jfQ9aAAE",

    "software_logo_uri": "https://www.getpostman.com/oauth2/callback",

    "software_client_name": "DCR_Sandbox_1214_01",

    "software_jwks_endpoint": "https://keystore.openbankingtest.org.uk/0015800000jfQ9aAAE/1OEwYAKIgMtefvOKfSEdAS.jwks",

    "software_id": "1OEwYAKIgMtefvOKfSEdAS",

    "redirect_uris": [

        "https://www.getpostman.com/oauth2/callback"

    ],

    "scope": "openid accounts payments",

    "token_endpoint_auth_method": "tls_client_auth",

    "grant_types": [

        "authorization_code",

        "refresh_token",

        "client_credentials"

    ],

    "application_type": "web",

    "id_token_signed_response_alg": "PS256",

    "request_object_signing_alg": "PS256"

}

Example Unsuccessful Client Registration Response

HTTP/1.1 400

{
    "errorCode": "9005",
    "errorMessage": "invalid_jwt.",
    "error_desciprtion": "Registration JWT token is invalid."
}

Reviews