Question
In CDS Client Authorisation, Data Holders (DHs) calling Accredited Data Recipients (ADRs), the aud
claim is required.
If the DH is calling the ADR's arrangement revocation endpoint, where the data recipient's base URI is https://datarecipient.com.au/, is the expected value in the aud
claim "https://datarecipient.com.au/arrangements/revoke" or just "https://datarecipient.com.au/"?
Answer
The aud
claim is the RecipientBaseUri
provided in the software statement assertion (SSA). In your example that would be "https://datarecipient.com.au/".
Comments
0 comments
Please sign in to leave a comment.