You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/Service.md
+1-11Lines changed: 1 addition & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -98,7 +98,7 @@ Name | Type | Description | Notes
98
98
**SupportedIdentityDocuments** | Pointer to **[]string** | Identity documents supported by this service. This corresponds to the `id_documents_supported`[metadata](https://openid.net/specs/openid-connect-4-identity-assurance-1_0.html#rfc.section.7). | [optional]
99
99
**SupportedVerificationMethods** | Pointer to **[]string** | Verification methods supported by this service. This corresponds to the `id_documents_verification_methods_supported`[metadata](https://openid.net/specs/openid-connect-4-identity-assurance-1_0.html#rfc.section.7). | [optional]
100
100
**SupportedVerifiedClaims** | Pointer to **[]string** | Verified claims supported by this service. This corresponds to the `claims_in_verified_claims_supported`[metadata](https://openid.net/specs/openid-connect-4-identity-assurance-1_0.html#rfc.section.7). | [optional]
**Attributes** | Pointer to [**[]Pair**](Pair.md) | The attributes of this service. | [optional]
103
103
**NbfOptional** | Pointer to **bool** | The flag indicating whether the nbf claim in the request object is optional even when the authorization request is regarded as a FAPI-Part2 request. The final version of Financial-grade API was approved in January, 2021. The Part 2 of the final version has new requirements on lifetime of request objects. They require that request objects contain an `nbf` claim and the lifetime computed by `exp` - `nbf` be no longer than 60 minutes. Therefore, when an authorization request is regarded as a FAPI-Part2 request, the request object used in the authorization request must contain an nbf claim. Otherwise, the authorization server rejects the authorization request. When this flag is `true`, the `nbf` claim is treated as an optional claim even when the authorization request is regarded as a FAPI-Part2 request. That is, the authorization server does not perform the validation on lifetime of the request object. Skipping the validation is a violation of the FAPI specification. The reason why this flag has been prepared nevertheless is that the new requirements (which do not exist in the Implementer's Draft 2 released in October, 2018) have big impacts on deployed implementations of client applications and Authlete thinks there should be a mechanism whereby to make the migration from ID2 to Final smooth without breaking live systems. | [optional]
104
104
**IssSuppressed** | Pointer to **bool** | The flag indicating whether generation of the iss response parameter is suppressed. \"OAuth 2.0 Authorization Server Issuer Identifier in Authorization Response\" has defined a new authorization response parameter, `iss`, as a countermeasure for a certain type of mix-up attacks. The specification requires that the `iss` response parameter always be included in authorization responses unless JARM (JWT Secured Authorization Response Mode) is used. When this flag is `true`, the authorization server does not include the `iss` response parameter in authorization responses. By turning this flag on and off, developers of client applications can experiment the mix-up attack and the effect of the `iss` response parameter. Note that this flag should not be `true` in production environment unless there are special reasons for it. | [optional]
0 commit comments