Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add signature headers to AS endpoints #209

Open
wilsonianb opened this issue Nov 7, 2022 · 1 comment
Open

Add signature headers to AS endpoints #209

wilsonianb opened this issue Nov 7, 2022 · 1 comment
Labels
type: specification Changes to the specification

Comments

@wilsonianb
Copy link
Contributor

Move signature header parameters to shared schemas.yaml

open-payments/openapi/resource-server.yaml

Lines 1324 to 1339 in 62c4b4a

signature:
name: Signature
in: header
schema:
type: string
example: 'Signature: sig1=:EWJgAONk3D6542Scj8g51rYeMHw96cH2XiCMxcyL511wyemGcw==:'
description: 'The signature generated based on the Signature-Input, using the signing algorithm specified in the "alg" field of the JWK.'
required: true
signature-input:
name: Signature-Input
in: header
schema:
type: string
example: 'Signature-Input: sig1=("@method" "@target-uri" "content-digest" "content-length" "content-type");created=1618884473;keyid="gnap-rsa"'
description: 'The Signature-Input field is a Dictionary structured field containing the metadata for one or more message signatures generated from components within the HTTP message. Each member describes a single message signature. The member''s key is the label that uniquely identifies the message signature within the context of the HTTP message. The member''s value is the serialization of the covered components Inner List plus all signature metadata parameters identified by the label. The following components MUST be included: - "@method" - "@target-uri" - "authorization" When the message contains a request body, the covered components MUST also include the following: - "content-digest" The keyid parameter of the signature MUST be set to the kid value of the JWK. See [ietf-httpbis-message-signatures](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-message-signatures#section-4.1) for more details.'
required: true

Include header parameter in relevant grant request(s)

open-payments/openapi/resource-server.yaml

Lines 221 to 223 in 62c4b4a

parameters:
- $ref: '#/components/parameters/signature-input'
- $ref: '#/components/parameters/signature'

open-payments/openapi/auth-server.yaml

Lines 20 to 22 in 62c4b4a

/:
post:
summary: Grant Request

@wilsonianb wilsonianb mentioned this issue Nov 7, 2022
Merged
4 tasks
@njlie
Copy link
Contributor

njlie commented Nov 17, 2022

Would it also make sense to include adding 401 responses to the AS endpoints for invalid signatures to the scope of this issue?

@mkurapov mkurapov added the type: specification Changes to the specification label Oct 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type: specification Changes to the specification
Projects
Open Payments
Status: Backlog
Milestone
No milestone
Development

No branches or pull requests
3 participants
@wilsonianb @mkurapov @njlie