OpenAM: OPENAM-18124

FAPI Support nbf claim that is no longer than 60 minutes in the past


Details

    • Type: Story
    • Status: In Progress
    • Priority: Major
    • Resolution: Unresolved

    Description

      The spec https://openid.net/specs/openid-financial-api-part-2-1_0-final.html#authorization-server, Section 5.2.2.17 (Authorization server), states that when an authorization request is treated as a FAPI request, the authorization server:

      17. shall require the request object to contain an exp claim that has a lifetime of no longer than 60 minutes after the nbf claim

      This is reiterated by Section 5.2.3.14 (Confidential client), which states that the client:

      14. shall send a nbf claim in the request object

      As part of our work to meet CDR conformance we need to address these two points.

      The requirement to include an nbf claim in the request object could be a breaking change for clients written against an earlier version of the spec. As part of this change we should therefore introduce an "nbfClaim" configuration flag with the options "required" and "optional".
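      The two checks described above, with the proposed "required"/"optional" switch, as an added example. This is not OpenAM code: the function name, the error strings and the `nbf_mode` parameter are this example's own, and it assumes the request object's signature has already been verified and its claims are passed in as a dict of RFC 7519 NumericDate values. The behaviour when nbf is absent in "optional" mode (skip the nbf-relative lifetime check but still reject an expired exp) is an assumption, since the issue does not specify it.

```python
"""Added example (not OpenAM code): FAPI request-object nbf/exp timing check.

Assumes the request object JWS has already been signature-verified and that
its claims are supplied as a dict. ``nbf_mode`` mirrors the proposed
"nbfClaim" configuration flag ("required" or "optional"); the function name
and the error strings are this example's own, not OpenAM's.
"""
from typing import Dict, List

# FAPI 2 section 5.2.2.17: exp may be no more than 60 minutes after nbf.
MAX_LIFETIME_SECONDS = 60 * 60


def _is_numeric_date(value: object) -> bool:
    """RFC 7519 NumericDate: an integer count of seconds (bool is excluded)."""
    return isinstance(value, int) and not isinstance(value, bool)


def check_request_object_timing(claims: Dict[str, object], now: int,
                                nbf_mode: str = "required") -> List[str]:
    """Return the list of violations; an empty list means the timing is acceptable.

    Order of checks:
      1. exp must be present and a NumericDate (nothing else is evaluable without it)
      2. nbf must be present when nbf_mode == "required"
      3. when nbf is present: it must not lie in the future, exp must be after it,
         and exp - nbf must not exceed 60 minutes
      4. exp must not already have passed
    """
    if nbf_mode not in ("required", "optional"):
        raise ValueError(f"unknown nbf_mode: {nbf_mode!r}")

    errors: List[str] = []
    exp = claims.get("exp")
    nbf = claims.get("nbf")

    if not _is_numeric_date(exp):
        errors.append("exp claim missing or not a NumericDate")
        return errors

    if nbf is None:
        if nbf_mode == "required":
            errors.append("nbf claim is required for FAPI requests but is missing")
        # "optional" mode (assumption): no nbf, so the nbf-relative lifetime
        # check is skipped; the expiry check below still applies.
    elif not _is_numeric_date(nbf):
        errors.append("nbf claim is not a NumericDate")
    else:
        if nbf > now:
            errors.append("request object not yet valid (nbf is in the future)")
        if exp <= nbf:
            errors.append("exp must be after nbf")
        elif exp - nbf > MAX_LIFETIME_SECONDS:
            errors.append("request object lifetime exceeds 60 minutes after nbf")

    if exp <= now:
        errors.append("request object has expired")
    return errors


if __name__ == "__main__":
    # Constructed sample claims (not captured from any real client).
    now = 1_700_000_000
    print(check_request_object_timing({"nbf": now - 60, "exp": now + 600}, now))
    print(check_request_object_timing({"nbf": now - 60, "exp": now + 3541}, now))
    print(check_request_object_timing({"exp": now + 600}, now, nbf_mode="optional"))
```

      The function deliberately returns every violation rather than stopping at the first, which makes the reason for a rejection visible in audit logs. A deployment that tolerates clock skew between client and server would subtract a small leeway from `nbf` and add it to `exp` before these comparisons; that is left out here because the issue does not discuss skew.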


People

              Alun Daley (alun.daley)
              Philip Anderson (philip.anderson)