.Nat Zone

Digital Identity et al.

CX on OAuth WRAP

   

Like there can be OpenID GET/POST and Artifact Binding for CX, there can be WRAP binding as well. It is fairly trivial, arguably more trivial than to define OpenID bindings.

  1. Send CX proposal as an additional parameter on the Verification Code Request. Use wrap_client_id as the proposer’s identifier.
  2. On the PoP verification page, display the terms and conditions included in the proposal.
  3. Create the Verification code from the signature of the proposal and some nonce and random.
  4. Web App Client sends the proposal again as an additional parameter on Access Token Request.
  5. Sign the proposal to create the contract, serialize it with Base64 without line end, and return it as the access token on Access Token Response.

That’s all.

 - Uncategorized