Skip to content

Add signature headers to AS endpoints #209

New issue
New issue
Open
Open
Add signature headers to AS endpoints#209
Labels
type: specificationChanges to the specification
@wilsonianb

Description

@wilsonianb
wilsonianb
opened on Nov 7, 2022

Move signature header parameters to shared schemas.yaml

open-payments/openapi/resource-server.yaml

Lines 1324 to 1339 in 62c4b4a

signature:
name: Signature
in: header
schema:
type: string
example: 'Signature: sig1=:EWJgAONk3D6542Scj8g51rYeMHw96cH2XiCMxcyL511wyemGcw==:'
description: 'The signature generated based on the Signature-Input, using the signing algorithm specified in the "alg" field of the JWK.'
required: true
signature-input:
name: Signature-Input
in: header
schema:
type: string
example: 'Signature-Input: sig1=("@method" "@target-uri" "content-digest" "content-length" "content-type");created=1618884473;keyid="gnap-rsa"'
description: 'The Signature-Input field is a Dictionary structured field containing the metadata for one or more message signatures generated from components within the HTTP message. Each member describes a single message signature. The member''s key is the label that uniquely identifies the message signature within the context of the HTTP message. The member''s value is the serialization of the covered components Inner List plus all signature metadata parameters identified by the label. The following components MUST be included: - "@method" - "@target-uri" - "authorization" When the message contains a request body, the covered components MUST also include the following: - "content-digest" The keyid parameter of the signature MUST be set to the kid value of the JWK. See [ietf-httpbis-message-signatures](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-message-signatures#section-4.1) for more details.'
required: true

Include header parameter in relevant grant request(s)

open-payments/openapi/resource-server.yaml

Lines 221 to 223 in 62c4b4a

parameters:
- $ref: '#/components/parameters/signature-input'
- $ref: '#/components/parameters/signature'

open-payments/openapi/auth-server.yaml

Lines 20 to 22 in 62c4b4a

/:
post:
summary: Grant Request

Metadata

Metadata

Assignees

No one assigned

    Labels

    type: specificationChanges to the specification

    Type

    No type

    Projects

    Open Payments

    Status

    Backlog

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions