Well-Known

This URL returns a JSON listing of the OpenID/OAuth endpoints, supported scopes and claims, public keys used to sign the tokens, and other details. The clients can use this information to construct a request to the OpenID server. The field names and values are defined in the OpenID Connect Discovery Specification.

CURL

curl -i \
 -X GET "/.well-known/openid-configuration/:provider_code"

Example of request

{"provider_code":"demobank"}

Example of response

{"token_endpoint_auth_signing_alg_values_supported":["RS256","PS256"],"issuer":"https://priora.saltedge.com","authorization_endpoint":"https://connector.saltedge.com/demobank/authorize","token_endpoint":"https://priora.saltedge.com/api/oidc/tokens","registration_endpoint":"https://priora.saltedge.com/open_banking/v3.2/tpp/register","service_documentation":"https://priora.saltedge.com/docs/open_banking","jwks_uri":"https://priora.saltedge.com.oidc/demobank/jwks","scopes_supported":["openid","accounts"],"response_types_supported":["code"],"grant_types_supported":["authorization_code"],"token_endpoint_auth_methods_supported":["client_secret_basic"],"request_object_signing_alg_values_supported":["RS256","PS256"]}
Request

GET /.well-known/openid-configuration/:provider_code

Request parameters
provider_code (path)
string, required
Human-readable Provider identifier. Can raise: NotFound, Forbidden.
Response

This URL returns a JSON listing of the OpenID/OAuth endpoints, supported scopes and claims, public keys used to sign the tokens, and other details. The clients can use this information to construct a request to the OpenID server. The field names and values are defined in the OpenID Connect Discovery Specification.


issuer
string, required
Issuer identifier URL
authorization_endpoint
string, required
URL of the authorization server's authorization endpoint
token_endpoint
string, required
URL of the authorization server's token endpoint
registration_endpoint
string, required
URL of the authorization server's OAuth 2.0 Dynamic Client Registration Endpoint
service_documentation
string, required
URL of a page containing human-readable information that developers might want or need to know when using the authorization server
jwks_uri
string, required
URL of the authorization server's JWK Set document
scopes_supported
array, required
JSON array containing a list of the OAuth 2.0 "scope" values that this authorization server supports. Allowed values: openid, accounts, payments, fundsconfirmations
response_types_supported
array, required
JSON array containing a list of the OAuth 2.0 "response_type" values that this authorization server supports. Allowed values: code
grant_types_supported
array, required
JSON array containing a list of the OAuth 2.0 "grant_type" values that this authorization server supports. Allowed values: client_credentials, authorization_code, refresh_token
token_endpoint_auth_methods_supported
array, required
JSON array containing a list of client authentication methods supported by this token endpoint. Allowed values: client_secret_basic, private_key_jwt
token_endpoint_auth_signing_alg_values_supported
array, required
JSON array containing a list of the JWS signing algorithms supported by the token endpoint for the signature on the JWT used to authenticate the client at the token endpoint. Allowed values: RS256, PS256
request_object_signing_alg_values_supported
array, required
JSON array containing a list of the JWS signing algorithms supported by Salt Edge OB KSA Compliance Solution. Allowed values: RS256, PS256
Related Errors
Class      Code  Description
Forbidden  403   Specified resource is not allowed to perform an action.
NotFound   404   Specified resource doesn't exist or doesn't correspond.
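
A client should check the discovery document before trusting the endpoints it advertises. The following is an added example, not Salt Edge code: it validates the fields described above against values the client pins in advance. The pinned issuer, the trusted host suffix and the function name are assumptions of this example; the sample input is a trimmed copy of the example response on this page.

```python
import json
from urllib.parse import urlsplit

# Values the client pins out of band (assumptions for this example).
EXPECTED_ISSUER = "https://priora.saltedge.com"
TRUSTED_HOST_SUFFIX = ".saltedge.com"
ALLOWED_ALGS = {"RS256", "PS256"}  # "Allowed values" listed in this reference

URL_FIELDS = ("authorization_endpoint", "token_endpoint",
              "registration_endpoint", "jwks_uri")
ALG_FIELDS = ("token_endpoint_auth_signing_alg_values_supported",
              "request_object_signing_alg_values_supported")


def validate_discovery(doc):
    """Return a list of problems; an empty list means the document passed."""
    problems = []
    if doc.get("issuer") != EXPECTED_ISSUER:
        problems.append("issuer: does not match the pinned issuer")
    for field in URL_FIELDS:
        url = urlsplit(str(doc.get(field) or ""))
        host = url.hostname or ""
        if url.scheme != "https":
            problems.append(f"{field}: not an https URL")
        elif not host.endswith(TRUSTED_HOST_SUFFIX):
            problems.append(f"{field}: untrusted host {host}")
    for field in ALG_FIELDS:
        algs = doc.get(field) or []
        if not algs or set(algs) - ALLOWED_ALGS:
            problems.append(f"{field}: empty or contains an unexpected algorithm")
    return problems


# Trimmed copy of the example response shown on this page.
SAMPLE = json.loads("""{
  "issuer": "https://priora.saltedge.com",
  "authorization_endpoint": "https://connector.saltedge.com/demobank/authorize",
  "token_endpoint": "https://priora.saltedge.com/api/oidc/tokens",
  "registration_endpoint": "https://priora.saltedge.com/open_banking/v3.2/tpp/register",
  "jwks_uri": "https://priora.saltedge.com.oidc/demobank/jwks",
  "token_endpoint_auth_signing_alg_values_supported": ["RS256", "PS256"],
  "request_object_signing_alg_values_supported": ["RS256", "PS256"]
}""")

if __name__ == "__main__":
    for problem in validate_discovery(SAMPLE):
        print(problem)
```

Run against the example response, the check reports the jwks_uri host, priora.saltedge.com.oidc, because it does not end in the pinned suffix.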

JWKs

This URL returns a JSON object that represents a set of JWKs.

CURL

curl -i \
 -X GET "/api/oidc/:provider_code/jwks"

Example of request

{"provider_code":"demobank"}

Example of response

{"keys":[{"kty":"RSA","use":"sig","kid":"2f201e95d5aa1681a74c65949a48e851111cf623387fedc9a135369db823a57a","e":"AQAB","n":"qp0_0OInrcOqHCxyGOzn_XCo2G_JR3IrQA95ykx_31u_eJjV6cs01jDyeLXXJh-ZNYKuoRBhBebXbee-U89MPhKCT2vpXA5Cgi2r60FXztFpnhY1350xULOcHIo3rOSjQVxRIZ0MFKpPPdrftU2O8ogfksstec4z5K9v0C37BB6XZXRFdZxEhuITgwZBEyVmows01XKCz4bEfytAisftAhji7ufNpJNK6k75wN7_twHRxnw8hex8sJfYdY-lcBlJHqqRkAKo5v_pB0Iy0lqox-GaPJYxUHibgMbbFmTJPc0juuMtl5Xuhe3kijuyg1OqiswOoy-idHx215P8RChFqQ"}]}
Request

GET /api/oidc/:provider_code/jwks

Request parameters
provider_code (path)
string, required
Human-readable Provider identifier.
Response

This URL returns a JSON object that represents a set of JWKs.
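
Before verifying a token signature, a client picks the key whose kid matches the token header and checks that the key is fit for that use. The following is an added example, not Salt Edge code: it selects a key from a JWK Set shaped like the response above and rejects non-signing keys and short moduli. The 2048-bit floor, the function names and the sample key set (filler bytes, not real keys) are assumptions of this example.

```python
import base64

MIN_RSA_BITS = 2048  # policy floor chosen for this example (assumption)


def b64url_to_int(value):
    """Decode an unpadded base64url JWK member ("n", "e") to an integer."""
    padded = value + "=" * (-len(value) % 4)
    return int.from_bytes(base64.urlsafe_b64decode(padded), "big")


def select_signing_key(jwks, kid):
    """Return (n, e) for the RSA signing key with this kid, or raise ValueError."""
    matches = [k for k in jwks.get("keys", []) if k.get("kid") == kid]
    if len(matches) != 1:
        raise ValueError(f"expected exactly one key with kid {kid!r}, got {len(matches)}")
    key = matches[0]
    if key.get("kty") != "RSA" or key.get("use") != "sig":
        raise ValueError("key is not an RSA signing key")
    n, e = b64url_to_int(key["n"]), b64url_to_int(key["e"])
    if n.bit_length() < MIN_RSA_BITS:
        raise ValueError(f"modulus is only {n.bit_length()} bits")
    if e < 3 or e % 2 == 0:
        raise ValueError("public exponent must be odd and at least 3")
    return n, e


def _b64url(raw):
    """Encode bytes as unpadded base64url, the encoding JWK members use."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed JWK Set in the shape of the response above; the moduli are
# filler bytes of the right length, not real keys.
SAMPLE_JWKS = {"keys": [
    {"kty": "RSA", "use": "sig", "kid": "good-2048", "e": "AQAB",
     "n": _b64url(b"\xc1" + b"\x5a" * 254 + b"\x01")},
    {"kty": "RSA", "use": "sig", "kid": "weak-1024", "e": "AQAB",
     "n": _b64url(b"\xc1" + b"\x5a" * 126 + b"\x01")},
    {"kty": "RSA", "use": "enc", "kid": "enc-only", "e": "AQAB",
     "n": _b64url(b"\xc1" + b"\x5a" * 254 + b"\x01")},
]}

if __name__ == "__main__":
    n, e = select_signing_key(SAMPLE_JWKS, "good-2048")
    print(n.bit_length(), e)
```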


Create

The token endpoint is used by the client to obtain an access token by presenting its authorization grant or refresh token. The token endpoint is used with every authorization grant except for the implicit grant type (since an access token is issued directly).

CURL

curl -i \
 -H "Content-Type: application/x-www-form-urlencoded" \
 -H "Authorization: Basic bFZNaHFFakdET1ZrMnNnOV9JNDN1Zzp3a0JoME9TSlJ1R2QycFIxUV9vMEdhTUhNV21GU3J3QXBBSGFjSEdLaW2gq" \
 -X POST "/api/oidc/:provider_code/tokens"

Example of request

Example of response

{"access_token":"AFpjf1410fAMA","id_token":"jwt encoded client token data","refresh_token":"560dd8e9d960a2e160ca2b24198a40a76ee032cbb4b5af61ac47298b730ed903","token_type":"Bearer","scope":["openid"]}
Request

POST /api/oidc/:provider_code/tokens

Headers
Header        Type              Description
Content-Type  string, required  The media type of the body of the request. Allowed values: application/x-www-form-urlencoded
Request parameters
Response

On a successful request, a 200 status code is returned. See the 'Related Errors' table for other possibilities.


access_token
string, required
The access token issued by the authorization server.
id_token
string, required
The id of the access_token on the Salt Edge OB KSA Compliance Solution side.
refresh_token
string, required
The refresh token, which can be used to obtain new access tokens using the same authorization grant.
token_type
string, required
The type of the token issued. Allowed values: Bearer
scope
string, required
Scopes that are included in the access_token.
Related Errors
Class                   Code  Description
InvalidClientAssertion  400   Given client_assertion is invalid or malformed.
InvalidRequest          400   Given data is invalid. More in message.
Forbidden               403   Specified resource is not allowed to perform an action.
NotFound                404   Provider for given code is not found.
TooEarly                425   Request was sent too early, please try again later.