Archived 2023.08.11. Content moved to JSON Web Token (JWT)
Question
The Admin API specification below states that the admin service may only be called by the Consumer Data Right (CDR) Register. Can you please clarify how the authentication process will happen in the above scenario?
Answer
For the expected behaviour under the underlying normative standards, see RFC 6750 section 2.1, which describes the "Authorization Request Header Field".
When the CDR Register connects to the Get Metrics endpoint, the issuer is the CDR Register, and its signed JWT will be presented in the Authorization header as a bearer token.
Note that the JWKS endpoint for the CDR Register is not publicly available - it will be supplied to Data Holders as part of the onboarding process with the CDR Register.
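How a Data Holder might check the bearer token described above, as an added example that is not part of the original answer or any CDR reference code. It assumes PS256 signatures, a placeholder issuer value of `cdr-register`, and the hypothetical names `authenticateRegister` and `makeSample`; the key pair and token are constructed inside the script.

```javascript
const crypto = require('crypto');

const ALLOWED_ALGS = ['PS256'];        // assumption: the page does not name the algorithm
const EXPECTED_ISS = 'cdr-register';   // assumption: placeholder for the Register's issuer value
const PSS = { padding: crypto.constants.RSA_PKCS1_PSS_PADDING, saltLength: 32 };
const b64u = (data) => Buffer.from(data).toString('base64url');
const fromB64u = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Returns the verified claims, or throws if the request is not from the Register.
function authenticateRegister(authorizationHeader, registerJwks, nowSec = Math.floor(Date.now() / 1000)) {
  // RFC 6750 section 2.1: "Bearer", one or more spaces, then the token (here a 3-part JWT).
  const m = /^Bearer +([\w-]+\.[\w-]+\.[\w-]+)$/i.exec(authorizationHeader || '');
  if (!m) throw new Error('missing or malformed bearer token');
  const [h, p, s] = m[1].split('.');
  const header = fromB64u(h);
  // Allow-list the algorithm so "none" or an unexpected algorithm is never accepted.
  if (!ALLOWED_ALGS.includes(header.alg)) throw new Error('algorithm not allowed');
  // Keys come only from the JWKS supplied at onboarding, never from the token itself.
  const jwk = registerJwks.keys.find((k) => k.kid === header.kid);
  if (!jwk) throw new Error('unknown signing key');
  const key = crypto.createPublicKey({ key: { kty: jwk.kty, n: jwk.n, e: jwk.e }, format: 'jwk' });
  const ok = crypto.verify('sha256', Buffer.from(`${h}.${p}`), { key, ...PSS }, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  // Claims are trusted only after the signature has been verified.
  const claims = fromB64u(p);
  if (claims.iss !== EXPECTED_ISS) throw new Error('unexpected issuer');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('token expired');
  return claims;
}

// Constructed sample: a throwaway key pair stands in for the Register's signing key.
function makeSample(claims, kid = 'sample-kid-1') {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const jwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid }] };
  const input = `${b64u(JSON.stringify({ alg: 'PS256', kid }))}.${b64u(JSON.stringify(claims))}`;
  const sig = crypto.sign('sha256', Buffer.from(input), { key: privateKey, ...PSS });
  return { jwks, header: `Bearer ${input}.${b64u(sig)}` };
}

const demo = makeSample({ iss: EXPECTED_ISS, exp: Math.floor(Date.now() / 1000) + 300 });
console.log(authenticateRegister(demo.header, demo.jwks));
```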