Search
K
ob-dynamic-client-registration-proxy

Dynamic Client Registration API

v3.1-RC1OAS 2.0

This specification defines the APIs for a TPP to submit a Software Statement Assertion to an ASPSP for the purpose of creating OAuth clients that are registered with ASPSP.

API Base URL
Security
TPPOAuth2Security (oauth2)

TPP client credential authorisation flow with the ASPSP. No scopes defined as per specification

Additional Information
Contact (ServiceDesk@openbanking.org.uk)
open-licence License

Register a client by way of a Software Statement Assertion

Endpoint will be secured by way of Mutual Authentication over TLS

post
/register

Body

application/jwt

A request to register a Software Statement Assertion with an ASPSP

string(OBClientRegistration1)

Response

application/json

Client registration

client_idstringrequired

OAuth 2.0 client identifier string

>= 1 characters<= 36 characters

client_secretstring

OAuth 2.0 client secret string

>= 1 characters<= 36 characters

client_id_issued_atinteger(int32)

Time at which the client identifier was issued expressed as seconds since 1970-01-01T00:00:00Z as measured in UTC

>= 0

client_secret_expires_atinteger(int32)

Time at which the client secret will expire expressed as seconds since 1970-01-01T00:00:00Z as measured in UTC. Set to 0 if does not expire

>= 0

redirect_urisarray[string](uri)required

>= 1 characters<= 256 characters

token_endpoint_auth_methodstringrequired

Allowed values:private_key_jwttls_client_auth

grant_typesarray[string]required

Allowed values:client_credentialsauthorization_coderefresh_token

>= 1 items

response_typesarray[string]

Allowed values:codecode id_token

software_idstring
scopearray[string]

>= 1 characters<= 32 characters

software_statementstring(JWT)required
application_typestringrequired

Allowed values:webmobile

id_token_signed_response_algstringrequired

Allowed values:RS256PS256ES256

request_object_signing_algstringrequired

Allowed values:RS256PS256ES256

token_endpoint_auth_signing_algstring

Allowed values:RS256PS256ES256

tls_client_auth_dnstringrequired

>= 1 characters<= 128 characters

application/json

Get a client by way of Client ID

get
/register/{ClientId}

Path Parameters

ClientIdstringrequired

The client ID

Headers

Authorizationstringrequired

An Authorisation Token as per https://tools.ietf.org/html/rfc6750

Response

application/json

Client registration

client_idstringrequired

OAuth 2.0 client identifier string

>= 1 characters<= 36 characters

client_secretstring

OAuth 2.0 client secret string

>= 1 characters<= 36 characters

client_id_issued_atinteger(int32)

Time at which the client identifier was issued expressed as seconds since 1970-01-01T00:00:00Z as measured in UTC

>= 0

client_secret_expires_atinteger(int32)

Time at which the client secret will expire expressed as seconds since 1970-01-01T00:00:00Z as measured in UTC. Set to 0 if does not expire

>= 0

redirect_urisarray[string](uri)required

>= 1 characters<= 256 characters

token_endpoint_auth_methodstringrequired

Allowed values:private_key_jwttls_client_auth

grant_typesarray[string]required

Allowed values:client_credentialsauthorization_coderefresh_token

>= 1 items

response_typesarray[string]

Allowed values:codecode id_token

software_idstring
scopearray[string]

>= 1 characters<= 32 characters

software_statementstring(JWT)required
application_typestringrequired

Allowed values:webmobile

id_token_signed_response_algstringrequired

Allowed values:RS256PS256ES256

request_object_signing_algstringrequired

Allowed values:RS256PS256ES256

token_endpoint_auth_signing_algstring

Allowed values:RS256PS256ES256

tls_client_auth_dnstringrequired

>= 1 characters<= 128 characters

application/json

Delete a client by way of Client ID

delete
/register/{ClientId}

Path Parameters

ClientIdstringrequired

The client ID

Headers

Authorizationstringrequired

An Authorisation Token as per https://tools.ietf.org/html/rfc6750

Response

Client deleted

Register a client by way of a Software Statement Assertion

Endpoint will be secured by way of Mutual Authentication over TLS

post
/register

Body

application/jwt

A request to register a Software Statement Assertion with an ASPSP

string(OBClientRegistration1)

Response

application/json

Client registration

client_idstringrequired

OAuth 2.0 client identifier string

>= 1 characters<= 36 characters

client_secretstring

OAuth 2.0 client secret string

>= 1 characters<= 36 characters

client_id_issued_atinteger(int32)

Time at which the client identifier was issued expressed as seconds since 1970-01-01T00:00:00Z as measured in UTC

>= 0

client_secret_expires_atinteger(int32)

Time at which the client secret will expire expressed as seconds since 1970-01-01T00:00:00Z as measured in UTC. Set to 0 if does not expire

>= 0

redirect_urisarray[string](uri)required

>= 1 characters<= 256 characters

token_endpoint_auth_methodstringrequired

Allowed values:private_key_jwttls_client_auth

grant_typesarray[string]required

Allowed values:client_credentialsauthorization_coderefresh_token

>= 1 items

response_typesarray[string]

Allowed values:codecode id_token

software_idstring
scopearray[string]

>= 1 characters<= 32 characters

software_statementstring(JWT)required
application_typestringrequired

Allowed values:webmobile

id_token_signed_response_algstringrequired

Allowed values:RS256PS256ES256

request_object_signing_algstringrequired

Allowed values:RS256PS256ES256

token_endpoint_auth_signing_algstring

Allowed values:RS256PS256ES256

tls_client_auth_dnstringrequired

>= 1 characters<= 128 characters

application/json