{ "swagger": "2.0", "info": { "title": "Dynamic Client Registration API", "description": "This specification defines the APIs for a TPP to submit a Software Statement Assertion to an ASPSP for the purpose of creating OAuth clients that are registered with ASPSP.\n", "termsOfService": "https://www.openbanking.org.uk/terms", "contact": { "name": "Service Desk", "email": "ServiceDesk@openbanking.org.uk" }, "license": { "name": "open-licence", "url": "https://www.openbanking.org.uk/open-licence" }, "version": "v3.1-RC1" }, "basePath": "/open-banking/v3.1/aisp", "schemes": [ "https" ], "consumes": [ "application/jwt" ], "produces": [ "application/json" ], "paths": { "/register": { "post": { "summary": "Register a client by way of a Software Statement Assertion", "description": "Endpoint will be secured by way of Mutual Authentication over TLS", "tags": [ "Client Registration", "Conditional" ], "parameters": [ { "$ref": "#/parameters/ClientRegistration" } ], "responses": { "201": { "$ref": "#/responses/OBClientRegistration1" }, "400": { "$ref": "#/responses/400Error" } } } } }, "parameters": { "Authorization": { "in": "header", "name": "Authorization", "type": "string", "required": true, "description": "An Authorisation Token as per https://tools.ietf.org/html/rfc6750" }, "ClientId": { "name": "ClientId", "description": "The client ID", "in": "path", "type": "string", "required": true }, "ClientRegistration": { "name": "requestBody", "description": "A request to register a Software Statement Assertion with an ASPSP", "in": "body", "schema": { "type": "string", "format": "OBClientRegistration1" } } }, "responses": { "OBClientRegistration1": { "description": "Client registration", "schema": { "allOf": [ { "$ref": "#/definitions/OBRegistrationProperties1" }, { "required": [ "client_id" ] } ] } }, "400Error": { "description": "Request failed due to client error", "schema": { "$ref": "#/definitions/RegistrationError" } }, "401Error": { "description": "Request failed due to unknown or invalid Client or invalid access token", "headers": { "WWW-Authenticate": { "description": "Response header field specified in https://tools.ietf.org/html/rfc6750", "type": "string", "pattern": "^Bearer .*" } } }, "403Error": { "description": "The client does not have permission to read, update or delete the Client" }, "405Error": { "description": "Method Not Allowed" } }, "definitions": { "SupportedAlgorithms": { "type": "string", "enum": [ "RS256", "ES256" ] }, "OBRegistrationProperties1": { "type": "object", "required": [ "redirect_uris", "token_endpoint_auth_method", "grant_types", "scope", "software_statement", "application_type", "id_token_signed_response_alg", "request_object_signing_alg", "tls_client_auth_dn" ], "properties": { "client_id": { "description": "OAuth 2.0 client identifier string", "type": "string", "minLength": 1, "maxLength": 36 }, "client_secret": { "description": "OAuth 2.0 client secret string", "type": "string", "minLength": 1, "maxLength": 36 }, "client_id_issued_at": { "description": "Time at which the client identifier was issued expressed as seconds since 1970-01-01T00:00:00Z as measured in UTC", "type": "integer", "format": "int32", "minimum": 0 }, "client_secret_expires_at": { "description": "Time at which the client secret will expire expressed as seconds since 1970-01-01T00:00:00Z as measured in UTC. Set to 0 if does not expire", "type": "integer", "format": "int32", "minimum": 0 }, "redirect_uris": { "type": "array", "items": { "type": "string", "format": "uri", "minLength": 1, "maxLength": 256 } }, "token_endpoint_auth_method": { "type": "string", "enum": [ "client_secret_basic" ] }, "grant_types": { "type": "array", "items": { "type": "string", "enum": [ "client_credentials", "authorization_code" ] }, "minItems": 1 }, "response_types": { "type": "array", "items": { "type": "string", "enum": [ "code", "code id_token" ] } }, "software_id": { "type": "string" }, "scope": { "type": "array", "items": { "type": "string", "minLength": 1, "maxLength": 32 } }, "software_statement": { "type": "string", "format": "JWT" }, "application_type": { "type": "string", "enum": [ "web", "mobile" ] }, "id_token_signed_response_alg": { "$ref": "#/definitions/SupportedAlgorithms" }, "request_object_signing_alg": { "$ref": "#/definitions/SupportedAlgorithms" }, "token_endpoint_auth_signing_alg": { "$ref": "#/definitions/SupportedAlgorithms" }, "tls_client_auth_dn": { "type": "string", "minLength": 1, "maxLength": 128 } } }, "OBClientRegistration1": { "allOf": [ { "type": "object", "required": [ "iss", "iat", "exp", "aud", "jti" ], "properties": { "iss": { "description": "Unique identifier for the TPP. Implemented as Base62 encoded GUID", "type": "string", "pattern": "^[0-9a-zA-Z]{1,18}$", "minLength": 1, "maxLength": 18 }, "iat": { "description": "The time at which the request was issued by the TPP expressed as seconds since 1970-01-01T00:00:00Z as measured in UTC", "type": "integer", "format": "int32" }, "exp": { "description": "The time at which the request expires expressed as seconds since 1970-01-01T00:00:00Z as measured in UTC", "type": "integer", "format": "int32" }, "aud": { "description": "The audience for the request. This should be the unique identifier\nfor the ASPSP issued by the issuer of the software statement.\nImplemented as Base62 encoded GUID\n", "type": "string", "pattern": "^[0-9a-zA-Z]{1,18}$", "minLength": 1, "maxLength": 18 }, "jti": { "description": "Unique identifier for the JWT implemented as UUID v4", "type": "string", "pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$", "minLength": 36, "maxLength": 36 } } }, { "$ref": "#/definitions/OBRegistrationProperties1" } ] }, "RegistrationError": { "type": "object", "required": [ "error" ], "properties": { "error": { "type": "string", "enum": [ "invalid_redirect_uri", "invalid_client_metadata", "invalid_software_statement", "unapproved_software_statement" ] }, "error_description": { "type": "string", "minLength": 1, "maxLength": 500 } } } }, "securityDefinitions": { "TPPOAuth2Security": { "type": "oauth2", "flow": "application", "description": "TPP client credential authorisation flow with the ASPSP. No scopes defined as per specification", "tokenUrl": "https://authserver.example/token" } } }