Welcome to the Consumer Data Right Support Portal

Check out our guides, browse through our FAQs, and post your own questions for Support.

New to the Consumer Data Right? Learn more

[ARCHIVE] Authorization header during ADR revocation endpoint call Follow

Avatar
Neale Morison
  • Created:
  • Last edited:
  • Updated

Archived 2023.08.11. Content moved to Guidance on Client Authentication.

Question

Does the Data Holder (DH) need to pass any authorization header with an Accredited Data Recipient (ADR) revocation endpoint call?

If so, who generates the authorisation  JSON Web Token (JWT) and how does the ADR validate the token?

Answer

The revocation call from the DH to the ADR requires client authentication. The client assertion is sent in the body of the POST request.

The JWT is signed using the DH's private key.

The ADR can decrypt and validate the JWT by using the DH's public key, obtained by calling the DH's JWKS endpoint.

 

See:

 

Comments

0 comments

Please sign in to leave a comment.