Dynamic Client Registration API

(0 reviews)

Introduction

This specification defines the mechanism by which a Primary Technical Contact (PTC) for a Third Party Provider (TPP) may submit a Software Statement Assertion (SSA) to Bank of Ireland for the purpose of receiving the details of the client enabling access to BOI APIs on behalf of BOI Customer. This automated mechanism is compliant with Open Banking's Dynamic Client Registration specification v3.0

Software Statement Assertion (SSA)

The SSA is a JSON Web Token (JWT) containing client metadata about an instance of TPP client software. The JWT must be issued and signed by Open Banking for Production. For our Sandbox a TPP can use an unsigned SSA.

SSA Payload

The payload of an SSA MUST be a compliant software statement according to [RFC7591]. The SSA MUST also be a compliant JWT according to [RFC7519]. The table below describes the metadata profiles.

Metadata	Description	Source Specification
software_id	Unique Identifier for TPP Client Software	[RFC7591]
iss	SSA Issuer	[RFC7519]
iat	Time SSA is issued	[RFC7519]
jti	JWT ID	[RFC7519]

The following software metadata is additionally defined for this profile:

Metadata	Description
software_client_id	The client ID registered at OB used to access OB resources for non-OB SSA, client id is used as an input by BOI to generate the unique client_id for a TPP.
software_client_description	Human-readable detailed description of the client
software_client_name	Human-readable Software Name
software_client_uri	The website or resource root uri
software_version	The version number of the software should a TPP choose to register and / or maintain it
software_environment	Requested additional field to avoid certificate check
software_jwks_endpoint	Contains all active signing and network certificates for the software
software_jwks_revoked_endpoint	Contains all revoked signing and network certificates for the software
software_logo_uri	Link to the TPP logo. Note, ASPSPs are not obliged to display images hosted by third parties
software_mode	ASPSP requested additional field to indicate that this software is "Test" or "Live" the default is "Live". Impact and support for "Test" software is up to the ASPSP.
software_on_behalf_of_org	A reference to fourth party organsiation resource on the OB Directory if the registering TPP is acting on behalf of another.
software_on_behalf_of_org_type	The type of organisation that this software has a relationship with. Regulated on OB Directory, not regulated, regulated not on OB Directory
software_policy_uri	A link to the software's policy page
software_redirect_uris	Registered client callback endpoints as registered with Open Banking
software_roles	A multi value list of PSD2 roles that this software is authorized to perform.
software_tos_uri	A link to the software's terms of service page

The following organisational metadata is defined for this profile:

Metadata	Description
organisation_competent_authority_claims	Authorisations granted to the organisation by an NCA
org_status	Included to cater for voluntary withdrawal from OB scenarios default values: Active, Revoked or Withdrawn
org_id	The unique TPP or ASPSP ID held by Open Banking. In Sandbox, for non-OB SSA this field should contain the NCA ID as per the eIDAS certificate.
org_name	Legal entity identifier or other known organisation name
org_contacts	JSON array of objects containing a triplet of name, email, and phone number
org_jwks_endpoint	Contains all active signing and network certificates for the organisation
org_jwks_revoked_endpoint	Contains all revoked signing and network certificates for the organisation
ob_registry_tos	A link to the OB registries terms of service page

SSA Header

The SSA header MUST comply with [RFC7519].

Metadata	Description
typ	MUST be set to JWT
alg	MUST be set to PS256. For Sandbox, non-OB SSA this field should be set to "NONE".
kid	The kid will be kept the same as the "x5t" parameter. (X.509 Certificate SHA-1 Thumbprint) of the signing certificate.

OB SSA Example

The elements defined in the software statement will consist of the following values.

HEADER:ALGORITHM & TOKEN TYPE

{
  "alg": "PS256",
  "kid": "j_OPXe8tchWuhQ3gVN-SOOOTyDY",
  "typ": "JWT"
}

PAYLOAD:DATA

{
  "iat": 1537249394,
  "iss": "OpenBanking Ltd",
  "jti": "3SjuymQ2BSNmSFljZIV32H",
  "ob_registry_tos": "https://registry.openbankingtest.org.uk/tos.html",
  "org_contacts": [
    {
      "email": "OBTechnicalQueries@BOI.COM",
      "name": "Technical",
      "phone": "0860681762",
      "type": "Technical"
    },
    {
      "email": "OBBusinessQueries@BOI.COM",
      "name": "Business",
      "phone": "07584 214830",
      "type": "Business"
    }
  ],
  "org_id": "0015800000jfQ9aAAE",
  "org_jwks_endpoint": "https://keystore.openbankingtest.org.uk/0015800000jfQ9aAAE/0015800000jfQ9aAAE.jwks",
  "org_jwks_revoked_endpoint": "https://keystore.openbankingtest.org.uk/0015800000jfQ9aAAE/revoked/0015800000jfQ9aAAE.jwks",
  "org_name": "Bank of Ireland (UK) Plc",
  "org_status": "Active",
  "organisation_competent_authority_claims": {
    "authorisations": [
      {
        "member_state": "GB",
        "roles": [
          "AISP",
          "PISP"
        ]
      }
    ],
    "authority_id": "FCAGBR",
    "registration_id": "512956",
    "status": "Active"
  },
  "software_client_description": "CMA2_DeV_18_9",
  "software_client_id": "53ZcZkjLM1sXLOAHkwG6DB",
  "software_client_name": "CMA2_DeV_18_9",
  "software_client_uri": "https://www.getpostman.com/oauth2/callback",
  "software_environment": "sandbox",
  "software_id": "53ZcZkjLM1sXLOAHkwG6DB",
  "software_jwks_endpoint": "https://keystore.openbankingtest.org.uk/0015800000jfQ9aAAE/53ZcZkjLM1sXLOAHkwG6DB.jwks",
  "software_jwks_revoked_endpoint": "https://keystore.openbankingtest.org.uk/0015800000jfQ9aAAE/revoked/53ZcZkjLM1sXLOAHkwG6DB.jwks",
  "software_logo_uri": "https://www.getpostman.com/oauth2/callback",
  "software_mode": "Live",
  "software_on_behalf_of_org": "CG",
  "software_policy_uri": "https://www.getpostman.com/oauth2/callback",
  "software_redirect_uris": [
    "https://www.getpostman.com/oauth2/callback"
  ],
  "software_roles": [
    "AISP",
    "PISP"
  ],
  "software_tos_uri": "https://www.getpostman.com/oauth2/callback",
  "software_version": 1.1
}

NON-OB SSA Example

The elements defined in the software statement will consist of the following values.


HEADER:ALGORITHM & TOKEN TYPE

{
  "alg": "NONE"
}

PAYLOAD:DATA

{
  "iss": "PSDIE-CBI-123456",
  "software_client_description": "Non OB SSA Client",
  "software_id": "1OEwYAKNONOBSSAClient",
  "software_roles": [
    "AISP",
    "PISP",
    "CBPII"
  ],
  "exp": 1590776620,
  "iat": 1550774820,
  "jti": "51a15308-3193-4702-a1e0-5bc421e0d88a",
  "software_client_name": "NON_OB_SSA_CLIENT",
  "software_client_id": "1OEwYAKNONOBSSAClient",
  "software_redirect_uris": [
    "https://google.com"
  ],
  "org_id": "PSDIE-CBI-123456",
  "org_name": "Test TPP for Non OB SSA",
  "organisation_competent_authority_claims": {
    "authorisations": [
      {
        "roles": [
          "AISP",
          "PISP",
          "CBPII"
        ]
      }
    ]
  }
}

Client Registration Endpoint

BOI supports automated client registration endpoint protected by mutually authenticated transport-layer security using certificates chaining to the Open Banking certificate authority.

Client Registration Request

To register as a client at BOI, the TPP sends an HTTP POST to the registration endpoint. The request MUST be presented in the format of a [RFC7519] compliant JWT. The request MUST use the HTTP POST method, using the application/jwt method. The JWT MUST be signed using algorithms specified in Open Banking documentation.

Header Claims

Metadata	Description
typ	MUST be set to JWT
alg	MUST be set to PS256.
kid	The kid will be kept the same as the "x5t" parameter. (X.509 Certificate SHA-1 Thumbprint) of the signing certificate.
x5c	Public certificate of the QSealC. Only to be populated when non-OB SSA is used in request claims.

Request Claims

Claim	Description	Source Specification	Optional	Comments
iss	Request Issuer (The TPP)	[RFC7519]	NO
iat	Time of issuance of request	[RFC7519]	NO
exp	Request expiration time	[RFC7519]	NO
aud	Request audience (The ASPSP)	[RFC7519]	NO
jti	JWT ID	[RFC7519]	NO
redirect_uris	Registered URIs the TPP will use to interact with BOI	[OIDC-R]	NO	MUST match or be a subset of the software_redirect_uris claim in the SSA
token_endpoint_auth_method	Specifies which token endpoint authentication method the TPP wants to use	[RFC7591]	NO
tls_client_auth_dn	Subject DN of the transport certificate that the TPP will present to the ASPSP token endpoint	[RFC7591]	NO
grant_types	A JSON array specifying what the TPP can request to be supplied to the token endpoint as exchange for an access token	[RFC7591]	NO
response_types	A JSON array specifying what the TPP can request to be returned from the ASPSP authorisation endpoint.	[RFC7591]	YES
software_id	The software_id in the request MUST match the software_id specified in the SSA	[RFC7591]	YES
scope	scopes the client is asking for (if not specified, default scopes are assigned by the AS)	[RFC7591]	YES	Minimum scope should be openid + whatever scopes are appropriate for the softwares PSD2 Role.
software_statement	SSA issued by Open Banking identifier or non-OB SSA generated by TPP	[RFC7519]	NO
application_type	Web or Mobile	[OIDC-R]	NO	MUST be web if specified.
id_token_signed_response_alg	Algorithm which the TPP expects to sign the id_token, if an id_token is returned.	[OIDC-R]	NO
request_object_signing_alg	Algorithm which the TPP expects to sign the request object if a request object will be part of the authorization request sent to the ASPSP.	[OIDC-R]	NO

Example Dynamic Client Registration Request

curl -X POST \

  https://api-sandbox.bankofireland.com/1/api/open-banking/v1.2/register \

  -H 'Cache-Control: no-cache' \

  -H 'Content-Type: application/jwt' \

  -H 'Postman-Token: 4d718d91-6005-459e-903c-7053ea06aa87' \

  -d eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjZwSXp3bDBILWF6X2g5Y0VPejQ4UXdfT0tuOCJ9.eyJncmFudF90eXBlcyI6WyJhdXRob3JpemF0aW9uX2NvZGUiLCJyZWZyZXNoX3Rva2VuIiwiY2xpZW50X2NyZWRlbnRpYWxzIl0sImFwcGxpY2F0aW9uX3R5cGUiOiJXRUIiLCJpc3MiOiIxT0V3WUFLSWdNdGVmdk9LZlNFZEFTIiwicmVkaXJlY3RfdXJpcyI6WyJodHRwczovL3d3dy5nZXRwb3N0bWFuLmNvbS9vYXV0aDIvY2FsbGJhY2siXSwidG9rZW5fZW5kcG9pbnRfYXV0aF9tZXRob2QiOiJ0bHNfY2xpZW50X2F1dGgiLCJ0bHNfY2xpZW50X2F1dGhfZG4iOiJDTj0xT0V3WUFLSWdNdGVmdk9LZlNFZEFTLCBPVT0wMDE1ODAwMDAwamZROWFBQUUsIE89T3BlbkJhbmtpbmcsIEM9R0IiLCJzb2Z0d2FyZV9pZCI6IjFPRXdZQUtJZ010ZWZ2T0tmU0VkQVMiLCJzb2Z0d2FyZV9zdGF0ZW1lbnQiOiJleUpoYkdjaU9pSlNVekkxTmlJc0ltdHBaQ0k2SW1SVE0waEZlbk41VmtwUFRIcFJWa2hKVld0UFNrVXlTWEZyYlRONVNHSTBRbGxmVUdKQ1JWUlhhbGs5SWl3aWRIbHdJam9pU2xkVUluMC5leUpwWVhRaU9qRTFORFEzTnpNNE1EQXNJbWx6Y3lJNklrOXdaVzVDWVc1cmFXNW5JRXgwWkNJc0ltcDBhU0k2SWpJelNteEhSVEZwTjAxTlprcEZkWFY0ZDBsNVJHb2lMQ0p2Y21kZlkyOXVkR0ZqZEhNaU9sdDdJbVZ0WVdsc0lqb2lUMEpDZFhOcGJtVnpjMUYxWlhKcFpYTkFRazlKTGtOUFRTSXNJbTVoYldVaU9pSkNkWE5wYm1WemN5SXNJbkJvYjI1bElqb2lNRGMxT0RRZ01qRTBPRE13SWl3aWRIbHdaU0k2SWtKMWMybHVaWE56SW4wc2V5SmxiV0ZwYkNJNklrOUNWR1ZqYUc1cFkyRnNVWFZsY21sbGMwQkNUMGt1UTA5Tklpd2libUZ0WlNJNklsUmxZMmh1YVdOaGJDSXNJbkJvYjI1bElqb2lNRGcyTURZNE1UYzJNaUlzSW5SNWNHVWlPaUpVWldOb2JtbGpZV3dpZlYwc0ltOXlaMTlwWkNJNklqQXdNVFU0TURBd01EQnFabEU1WVVGQlJTSXNJbTl5WjE5cWQydHpYMlZ1WkhCdmFXNTBJam9pYUhSMGNITTZMeTlyWlhsemRHOXlaUzV2Y0dWdVltRnVhMmx1WjNSbGMzUXViM0puTG5Wckx6QXdNVFU0TURBd01EQnFabEU1WVVGQlJTOHdNREUxT0RBd01EQXdhbVpST1dGQlFVVXVhbmRyY3lJc0ltOXlaMTlxZDJ0elgzSmxkbTlyWldSZlpXNWtjRzlwYm5RaU9pSm9kSFJ3Y3pvdkwydGxlWE4wYjNKbExtOXdaVzVpWVc1cmFXNW5kR1Z6ZEM1dmNtY3VkV3N2TURBeE5UZ3dNREF3TUdwbVVUbGhRVUZGTDNKbGRtOXJaV1F2TURBeE5UZ3dNREF3TUdwbVVUbGhRVUZGTG1wM2EzTWlMQ0p2Y21kZmJtRnRaU0k2SWtKaGJtc2diMllnU1hKbGJHRnVaQ0FvVlVzcElGQnNZeUlzSW05eVoxOXpkR0YwZFhNaU9pSkJZM1JwZG1VaUxDSnZjbWRoYm1sellYUnBiMjVmWTI5dGNHVjBaVzUwWDJGMWRHaHZjbWwwZVY5amJHRnBiWE1pT25zaVlYVjBhRzl5YVhOaGRHbHZibk1pT2x0N0ltMWxiV0psY2w5emRHRjBaU0k2SWtkQ0lpd2ljbTlzWlhNaU9sc2lRVWxUVUNJc0lsQkpVMUFpWFgwc2V5SnRaVzFpWlhKZmMzUmhkR1VpT2lKSlJTSXNJbkp2YkdWeklqcGJJa0ZKVTFBaUxDSlFTVk5RSWwxOUxIc2liV1Z0WW1WeVgzTjBZWFJsSWpvaVRrd2lMQ0p5YjJ4bGN5STZXeUpCU1ZOUUlpd2lVRWxUVUNKZGZWMHNJbUYxZEdodmNtbDBlVjlwWkNJNklrWkRRVWRDVWlJc0luSmxaMmx6ZEhKaGRHbHZibDlwWkNJNklqVXhNamsxTmlJc0luTjBZWFIxY3lJNklrRmpkR2wyWlNKOUxDSnpiMlowZDJGeVpWOWpiR2xsYm5SZlpHVnpZM0pwY0hScGIyNGlPaUpFUTFKZlUyRnVaR0p2ZUY4eE1qRTBYekF4SWl3aWMyOW1kSGRoY21WZlkyeHBaVzUwWDJsa0lqb2lNVTlGZDFsQlMwbG5UWFJsWm5aUFMyWlRSV1JCVXlJc0luTnZablIzWVhKbFgyTnNhV1Z1ZEY5dVlXMWxJam9pUkVOU1gxTmhibVJpYjNoZk1USXhORjh3TVNJc0luTnZablIzWVhKbFgyTnNhV1Z1ZEY5MWNta2lPaUpvZEhSd2N6b3ZMM2QzZHk1blpYUndiM04wYldGdUxtTnZiUzl2WVhWMGFESXZZMkZzYkdKaFkyc2lMQ0p6YjJaMGQyRnlaVjlsYm5acGNtOXViV1Z1ZENJNkluTmhibVJpYjNnaUxDSnpiMlowZDJGeVpWOXBaQ0k2SWpGUFJYZFpRVXRKWjAxMFpXWjJUMHRtVTBWa1FWTWlMQ0p6YjJaMGQyRnlaVjlxZDJ0elgyVnVaSEJ2YVc1MElqb2lhSFIwY0hNNkx5OXJaWGx6ZEc5eVpTNXZjR1Z1WW1GdWEybHVaM1JsYzNRdWIzSm5MblZyTHpBd01UVTRNREF3TURCcVpsRTVZVUZCUlM4eFQwVjNXVUZMU1dkTmRHVm1kazlMWmxORlpFRlRMbXAzYTNNaUxDSnpiMlowZDJGeVpWOXFkMnR6WDNKbGRtOXJaV1JmWlc1a2NHOXBiblFpT2lKb2RIUndjem92TDJ0bGVYTjBiM0psTG05d1pXNWlZVzVyYVc1bmRHVnpkQzV2Y21jdWRXc3ZNREF4TlRnd01EQXdNR3BtVVRsaFFVRkZMM0psZG05clpXUXZNVTlGZDFsQlMwbG5UWFJsWm5aUFMyWlRSV1JCVXk1cWQydHpJaXdpYzI5bWRIZGhjbVZmYkc5bmIxOTFjbWtpT2lKb2RIUndjem92TDNkM2R5NW5aWFJ3YjNOMGJXRnVMbU52YlM5dllYVjBhREl2WTJGc2JHSmhZMnNpTENKemIyWjBkMkZ5WlY5dGIyUmxJam9pVEdsMlpTSXNJbk52Wm5SM1lYSmxYMjl1WDJKbGFHRnNabDl2Wmw5dmNtY2lPaUlpTENKemIyWjBkMkZ5WlY5d2IyeHBZM2xmZFhKcElqb2lhSFIwY0hNNkx5OTNkM2N1WjJWMGNHOXpkRzFoYmk1amIyMHZiMkYxZEdneUwyTmhiR3hpWVdOcklpd2ljMjltZEhkaGNtVmZjbVZrYVhKbFkzUmZkWEpwY3lJNld5Sm9kSFJ3Y3pvdkwzZDNkeTVuWlhSd2IzTjBiV0Z1TG1OdmJTOXZZWFYwYURJdlkyRnNiR0poWTJzaVhTd2ljMjltZEhkaGNtVmZjbTlzWlhNaU9sc2lRVWxUVUNJc0lsQkpVMUFpWFN3aWMyOW1kSGRoY21WZmRHOXpYM1Z5YVNJNkltaDBkSEJ6T2k4dmQzZDNMbWRsZEhCdmMzUnRZVzR1WTI5dEwyOWhkWFJvTWk5allXeHNZbUZqYXlJc0luTnZablIzWVhKbFgzWmxjbk5wYjI0aU9qRXVNWDAuVzJ3Z3RvY1p4UXhwM2lhSnF6RFpaM2Raa2R2TEVKcEZxZmw4ZHJtbzRRVXFfVi1mc1Vjenh6c084d3dQYUFFQ0JNVzBvelh3U0t1NG5IODhVYUNIVFI4NE5VdWh5RHcxNFRvT3dSelU0TVVTaVZlRWdqZ0FtamUwQlRmZXM3ZDJaQ19IUmJjTHFzYWh1MWEyQzctdFh4Vk0wS2Nudk9yYkZlbllydV9IazY2blFWd2RZTkxNbXdXaVBnNjN0VFM4dkVITkh2ZDYzcnVpXzNTbEJPMlZ3VFFzS01YYnhpWEVrMWo2QUdRUzRENEYtTV9HS05KLVVabnFxSk1RbW5XQjBleXJraFl6dFE0U01VOG9fenJvWDFxRVhlQ1JhQ3BELW9LXy16eTBjYW4tNzBGcGEwLXB4bWMtQVBzaUtZQkt3VEwtTERhTEVtVDhjZ0VkX0RscndnIiwiYXVkIjoiaHR0cHM6Ly9hdXRoLXNhbmRib3guYXBpYm9pdGVzdC5jb20iLCJzY29wZSI6Im9wZW5pZCBhY2NvdW50cyBwYXltZW50cyIsInJlcXVlc3Rfb2JqZWN0X3NpZ25pbmdfYWxnIjoiUlMyNTYiLCJleHAiOjE1OTkzNTc4NDMsImlhdCI6MTUxOTM1Nzg0MywianRpIjoiN2FhYzkxNjQtZWVhYy00N2Q2LTgwNDItOWEyNDYxMGE5ODRlIiwiaWRfdG9rZW5fc2lnbmVkX3Jlc3BvbnNlX2FsZyI6IlJTMjU2In0.EqDCfo53egwkdc1hDH1aUcLbp3rUPpkOvmqqOzOHun_IZ0D5PkgI80Ir9vKSxqDLBL0q6TKVh_P4lKd8zUtLuZF2HMPN1G3eeRLnRsccAZQQeEAekk9aTX9_GCgV2VnURMBFbThlgmSlX7-vB4GSJOdw1yuMR2pfdSfTp_S7Hs1BSg_60jd7ExvkOvSk9GzGyoUsz8-5RMKViXxFAdy3wkEon_t62VlJWmWiPWdNt1FYNeQrUGbTAUGs4Wd-eQjklBgaepJPfPcM957k_ZparyExrU-WCUIkpUaujJEu5EV4dzNQOgfP83w_x91d45r6jJBWTIQO6CyK4mzePlkGGQ

Example Decoded Dynamic Client Registration Request Body

HEADER: ALGORITHM & TOKEN TYPE


{
  "alg": "PS256",
  "typ": "JWT",
  "kid": "6pIzwl0H-az_h9cEOz48Qw_OKn8"
}

PAYLOAD: DATA

{
  "grant_types": [
    "authorization_code",
    "refresh_token",
    "client_credentials"
  ],
  "application_type": "web",
  "iss": "1OEwYAKIgMtefvOKfSEdAS",
  "redirect_uris": [
    "https://www.getpostman.com/oauth2/callback"
  ],
  "token_endpoint_auth_method": "tls_client_auth",
  "tls_client_auth_dn": "CN = tpp-test.com,OU = BOI PSD2 OU,2.5.4.97 = PSDIE-CBI-123456,O = BOI PSD2 Test Org,L = Dublin,C = IE",
  "software_id": "1OEwYAKIgMtefvOKfSEdAS",
  "software_statement": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImRTM0hFenN5VkpPTHpRVkhJVWtPSkUySXFrbTN5SGI0QllfUGJCRVRXalk9IiwidHlwIjoiSldUIn0.eyJpYXQiOjE1NDQ3NzM4MDAsImlzcyI6Ik9wZW5CYW5raW5nIEx0ZCIsImp0aSI6IjIzSmxHRTFpN01NZkpFdXV4d0l5RGoiLCJvcmdfY29udGFjdHMiOlt7ImVtYWlsIjoiT0JCdXNpbmVzc1F1ZXJpZXNAQk9JLkNPTSIsIm5hbWUiOiJCdXNpbmVzcyIsInBob25lIjoiMDc1ODQgMjE0ODMwIiwidHlwZSI6IkJ1c2luZXNzIn0seyJlbWFpbCI6Ik9CVGVjaG5pY2FsUXVlcmllc0BCT0kuQ09NIiwibmFtZSI6IlRlY2huaWNhbCIsInBob25lIjoiMDg2MDY4MTc2MiIsInR5cGUiOiJUZWNobmljYWwifV0sIm9yZ19pZCI6IjAwMTU4MDAwMDBqZlE5YUFBRSIsIm9yZ19qd2tzX2VuZHBvaW50IjoiaHR0cHM6Ly9rZXlzdG9yZS5vcGVuYmFua2luZ3Rlc3Qub3JnLnVrLzAwMTU4MDAwMDBqZlE5YUFBRS8wMDE1ODAwMDAwamZROWFBQUUuandrcyIsIm9yZ19qd2tzX3Jldm9rZWRfZW5kcG9pbnQiOiJodHRwczovL2tleXN0b3JlLm9wZW5iYW5raW5ndGVzdC5vcmcudWsvMDAxNTgwMDAwMGpmUTlhQUFFL3Jldm9rZWQvMDAxNTgwMDAwMGpmUTlhQUFFLmp3a3MiLCJvcmdfbmFtZSI6IkJhbmsgb2YgSXJlbGFuZCAoVUspIFBsYyIsIm9yZ19zdGF0dXMiOiJBY3RpdmUiLCJvcmdhbmlzYXRpb25fY29tcGV0ZW50X2F1dGhvcml0eV9jbGFpbXMiOnsiYXV0aG9yaXNhdGlvbnMiOlt7Im1lbWJlcl9zdGF0ZSI6IkdCIiwicm9sZXMiOlsiQUlTUCIsIlBJU1AiXX0seyJtZW1iZXJfc3RhdGUiOiJJRSIsInJvbGVzIjpbIkFJU1AiLCJQSVNQIl19LHsibWVtYmVyX3N0YXRlIjoiTkwiLCJyb2xlcyI6WyJBSVNQIiwiUElTUCJdfV0sImF1dGhvcml0eV9pZCI6IkZDQUdCUiIsInJlZ2lzdHJhdGlvbl9pZCI6IjUxMjk1NiIsInN0YXR1cyI6IkFjdGl2ZSJ9LCJzb2Z0d2FyZV9jbGllbnRfZGVzY3JpcHRpb24iOiJEQ1JfU2FuZGJveF8xMjE0XzAxIiwic29mdHdhcmVfY2xpZW50X2lkIjoiMU9Fd1lBS0lnTXRlZnZPS2ZTRWRBUyIsInNvZnR3YXJlX2NsaWVudF9uYW1lIjoiRENSX1NhbmRib3hfMTIxNF8wMSIsInNvZnR3YXJlX2NsaWVudF91cmkiOiJodHRwczovL3d3dy5nZXRwb3N0bWFuLmNvbS9vYXV0aDIvY2FsbGJhY2siLCJzb2Z0d2FyZV9lbnZpcm9ubWVudCI6InNhbmRib3giLCJzb2Z0d2FyZV9pZCI6IjFPRXdZQUtJZ010ZWZ2T0tmU0VkQVMiLCJzb2Z0d2FyZV9qd2tzX2VuZHBvaW50IjoiaHR0cHM6Ly9rZXlzdG9yZS5vcGVuYmFua2luZ3Rlc3Qub3JnLnVrLzAwMTU4MDAwMDBqZlE5YUFBRS8xT0V3WUFLSWdNdGVmdk9LZlNFZEFTLmp3a3MiLCJzb2Z0d2FyZV9qd2tzX3Jldm9rZWRfZW5kcG9pbnQiOiJodHRwczovL2tleXN0b3JlLm9wZW5iYW5raW5ndGVzdC5vcmcudWsvMDAxNTgwMDAwMGpmUTlhQUFFL3Jldm9rZWQvMU9Fd1lBS0lnTXRlZnZPS2ZTRWRBUy5qd2tzIiwic29mdHdhcmVfbG9nb191cmkiOiJodHRwczovL3d3dy5nZXRwb3N0bWFuLmNvbS9vYXV0aDIvY2FsbGJhY2siLCJzb2Z0d2FyZV9tb2RlIjoiTGl2ZSIsInNvZnR3YXJlX29uX2JlaGFsZl9vZl9vcmciOiIiLCJzb2Z0d2FyZV9wb2xpY3lfdXJpIjoiaHR0cHM6Ly93d3cuZ2V0cG9zdG1hbi5jb20vb2F1dGgyL2NhbGxiYWNrIiwic29mdHdhcmVfcmVkaXJlY3RfdXJpcyI6WyJodHRwczovL3d3dy5nZXRwb3N0bWFuLmNvbS9vYXV0aDIvY2FsbGJhY2siXSwic29mdHdhcmVfcm9sZXMiOlsiQUlTUCIsIlBJU1AiXSwic29mdHdhcmVfdG9zX3VyaSI6Imh0dHBzOi8vd3d3LmdldHBvc3RtYW4uY29tL29hdXRoMi9jYWxsYmFjayIsInNvZnR3YXJlX3ZlcnNpb24iOjEuMX0.W2wgtocZxQxp3iaJqzDZZ3dZkdvLEJpFqfl8drmo4QUq_V-fsUczxzsO8wwPaAECBMW0ozXwSKu4nH88UaCHTR84NUuhyDw14ToOwRzU4MUSiVeEgjgAmje0BTfes7d2ZC_HRbcLqsahu1a2C7-tXxVM0KcnvOrbFenYru_Hk66nQVwdYNLMmwWiPg63tTS8vEHNHvd63rui_3SlBO2VwTQsKMXbxiXEk1j6AGQS4D4F-M_GKNJ-UZnqqJMQmnWB0eyrkhYztQ4SMU8o_zroX1qEXeCRaCpD-oK_-zy0can-70Fpa0-pxmc-APsiKYBKwTL-LDaLEmT8cgEd_Dlrwg",
  "aud": "https://auth-sandbox.bankofireland.com",
  "scope": "openid accounts payments",
  "request_object_signing_alg": "PS256",
  "exp": 1599357843,
  "iat": 1519357843,
  "jti": "7aac9164-eeac-47d6-8042-9a24610a984e",
  "id_token_signed_response_alg": "PS256"
}

Dynamic Client Registration Response

Example Successful Client Registration Response

{

    "client_id": "1OEwYAKIgMtefvOKfSEdAS",

    "org_id": "0015800000jfQ9aAAE",

    "software_logo_uri": "https://www.getpostman.com/oauth2/callback",

    "software_client_name": "DCR_Sandbox_1214_01",

    "software_jwks_endpoint": "https://keystore.openbankingtest.org.uk/0015800000jfQ9aAAE/1OEwYAKIgMtefvOKfSEdAS.jwks",

    "software_id": "1OEwYAKIgMtefvOKfSEdAS",

    "redirect_uris": [

        "https://www.getpostman.com/oauth2/callback"

    ],

    "scope": "openid accounts payments",

    "token_endpoint_auth_method": "tls_client_auth",

    "grant_types": [

        "authorization_code",

        "refresh_token",

        "client_credentials"

    ],

    "application_type": "web",

    "id_token_signed_response_alg": "PS256",

    "request_object_signing_alg": "PS256"

}

Example Unsuccessful Client Registration Response

HTTP/1.1 400

{
    "errorCode": "9005",
    "errorMessage": "invalid_jwt.",
    "error_desciprtion": "Registration JWT token is invalid."
}

home