Re: [OAUTH-WG] RAR - Example JWT for Payment

Justin Richer <jricher@mit.edu> Tue, 31 March 2020 15:12 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/ApMDrQPlzssQzJ3UJ4qVrNs2nO8>

The “type” is effectively a schema marker for the content of the authorization request object, and so it doesn’t need to be the same domain as the API that’s being hosted. Think of it this way: the type defines the API, this could be a standard body or some other org, and the location defines the specific hosted instance. It’s like defining OpenID Connect at the OIDF and hosting it on your company’s domain.

 — Justin

> On Mar 30, 2020, at 9:18 AM, Jared Jennings <jaredljennings@gmail.com> wrote:
> 
> I have a question about the example and maybe it's more for clarification than anything.
> 
> The example contains type and also location.
> A couple of things
> 1. Would it add clarity if the domain was the same for both? vs. someorg.com / example.com
> 2. While only an example, would it bring clarity to past examples if the type was https://schema.example.com/payment_initiation and the location was https://api.example.com/payments
> 
> or am I missing something about what the values represent?
> 
> Here's the example I am referring to on page 17.
> {
>       "iss": "https://as.example.com",
>       "sub": "24400320",
>       "aud": "a7AfcPcsl2",
>       "exp": 1311281970,
>       "acr": "psd2_sca",
>       "txn": "8b4729cc-32e4-4370-8cf0-5796154d1296",
>       "authorization_details": [
>          {
>             "type": "https://www.someorg.com/payment_initiation",
>             "actions": [
>                "initiate",
>                "status",
>                "cancel"
>             ],
>             "locations": [
>                "https://example.com/payments"
>             ],
>             "instructedAmount": {
>                "currency": "EUR",
>                "amount": "123.50"
>             },
>             "creditorName": "Merchant123",
>             "creditorAccount": {
>                "iban": "DE02100100109307118603"
>             },
>             "remittanceInformationUnstructured": "Ref Number Merchant"
>          }
>       ],
>       "debtorAccount": {
>          "iban": "DE40100100103307118608",
>          "user_role": "owner"
>       }
> }
> 
> -Jared
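
Added example, not part of the original message or of the RAR draft: a sketch of how a resource server could apply the distinction described in the reply, using `type` only to select a schema (matched as an exact string, never fetched) and `locations` only to confirm the token is meant for this hosted instance. The function names, the schema registry and the field checks are assumptions for illustration; the sample values are taken from the quoted example.

```python
PAYMENT_TYPE = "https://www.someorg.com/payment_initiation"  # schema id from the quoted example

def check_payment(d):
    """Field checks for the payment type; field names come from the quoted JWT."""
    amount = d.get("instructedAmount")
    account = d.get("creditorAccount")
    errors = []
    if not (isinstance(amount, dict) and isinstance(amount.get("currency"), str)
            and isinstance(amount.get("amount"), str)):
        errors.append("instructedAmount needs string currency and amount")
    if not isinstance(d.get("creditorName"), str):
        errors.append("creditorName missing")
    if not (isinstance(account, dict) and isinstance(account.get("iban"), str)):
        errors.append("creditorAccount.iban missing")
    return errors

# Hypothetical registry: the type picks the schema, whatever domain its URI is under.
SCHEMAS = {PAYMENT_TYPE: check_payment}

def authorize(claims, resource_url, action):
    """Return (allowed, reason) for one request against this hosted API instance."""
    details = claims.get("authorization_details")
    if not isinstance(details, list):
        return False, "no authorization_details"
    reasons = []
    for d in details:
        if not isinstance(d, dict):
            reasons.append("entry is not an object")
            continue
        type_id, locations, actions = d.get("type"), d.get("locations"), d.get("actions")
        check = SCHEMAS.get(type_id) if isinstance(type_id, str) else None
        if check is None:
            reasons.append("unknown type")
        elif check(d):
            reasons.append("schema: " + "; ".join(check(d)))
        elif not (isinstance(locations, list) and resource_url in locations):
            reasons.append("location mismatch")
        elif not (isinstance(actions, list) and action in actions):
            reasons.append("action not granted")
        else:
            return True, "ok"
    return False, "; ".join(reasons) or "empty authorization_details"

# Constructed sample: the authorization_details entry from the quoted example.
SAMPLE = {"authorization_details": [{
    "type": PAYMENT_TYPE,
    "actions": ["initiate", "status", "cancel"],
    "locations": ["https://example.com/payments"],
    "instructedAmount": {"currency": "EUR", "amount": "123.50"},
    "creditorName": "Merchant123",
    "creditorAccount": {"iban": "DE02100100109307118603"},
}]}
```

The schema lives under someorg.com and the API under example.com, yet the request is accepted; a request to any other host fails on `locations` even though the `type` still matches.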