From 18862c0899a1f9bf35b4644ea9aa62077f9135d5 Mon Sep 17 00:00:00 2001 From: James Bligh <40985476+JamesMBligh@users.noreply.github.com> Date: Fri, 14 Apr 2023 07:36:52 +0100 Subject: [PATCH] Release/1.23.0 (#300) * Standards Maintenance Issue 546: Updated DCR and Register swagger specifications to use Common Field Types * Added diff and release notes * Fixed redirect_uris array use of URIString in relation to maintenance comment: https://github.com/ConsumerDataStandardsAustralia/standards-maintenance/issues/546#issuecomment-1291428306 * Updated code formatting and indenting * Added Enum common type usage * Updated DCR and Register specs based on community feedback to the Common Field Types implementation * Updated swaggers to remove format fields * Updated diff for the Register API changes * Fixed formatting * Updated Register APIs based on ACCC feedback * Base branch for v1.22.0 * Draft updates 1 DP 275 * Retain v1.21.0 delta statements * Rebuild * Fixed open-status reversal * Rebuild * Create release notes Add archive entry Add change log entry * Release notes * Add archived API versions * Add new field to the swagger Add FDO Update endpoint schedule * Add diff statements * Fix missing obselete link in Get Accounts * Fix obselete message bug * Fixed Issue with AccontDetail * Rebuild Add in Telco diff statement Add Telco release notes * Merge of 1.22.0 * Remove external refs on client IDs * Remove common string references * Review updates * Release notes * Rebuild Diff statement * Updates to x-v headers * reverted account scope * Updated other account scopes * Update extended security documentation * Rebuild * Engage Festive * Rebuild with FESTIVE ENGAGED * Fix additional TDIF links * Fix ACCC fonts * Fix minor defects picked up after publish Rebuild * - Update version to 1.22.1 - Remove diff statements - Add links for archive - Add draft release notes * Removed santa hat * Restored diff overview statement Removed last actual diff statement * Full rebuild * Add binding statement * Add diff and release notes * Fix diff typo * Fix FDOs Fix Obligation table Add release notes * Update * Fix the binding date for Get Energy Account Detail V2 Removed the TBC dates for v1.19.0 Release notes * Rebuild * Update end point version schedule links Release notes * Changed error model for energy to ResponseErrorListV2 Rebuild * Fixed typo Rebuild * Update release notes for 227 * Rebuild * Added release notes for Telco * Apply energy changes to SDH swagger also * Rebuild * Fix error model in Telco Fix release note types Rebuild * Update V2 error list (#267) * Fix Telco merge Rebuild * Rebuild * Fix publish date Rebuild * Base branch for 1.23.0 * Standards Maintenance Issue #576: Update security profile sections allowing ID token encryption when using ACF * Updated DCR spec to treat ID token encryption claims as conditional * Standards Maintenance Issue #576: Removed Additional Note for v1.22.0 from version delta notes * Rebuild * Rebuild * Rebuild --------- Co-authored-by: Mark Verstege <2514377+markverstege@users.noreply.github.com> Co-authored-by: Kirkycdr Co-authored-by: kirkycdr <91938516+kirkycdr@users.noreply.github.com> Co-authored-by: Hemang Rathod --- docs/includes/archives | 5 + docs/includes/cds_dcr | 8 +- docs/includes/changelog | 6 + .../releasenotes/releasenotes.1.23.0.html | 290 ++++++++++++++++++ docs/includes/swagger/cds_admin.json | 2 +- docs/includes/swagger/cds_admin.yaml | 2 +- docs/includes/swagger/cds_banking.json | 2 +- docs/includes/swagger/cds_banking.yaml | 2 +- docs/includes/swagger/cds_common.json | 2 +- docs/includes/swagger/cds_common.yaml | 2 +- docs/includes/swagger/cds_dcr.json | 11 +- docs/includes/swagger/cds_dcr.yaml | 13 +- docs/includes/swagger/cds_energy.json | 2 +- docs/includes/swagger/cds_energy.yaml | 2 +- docs/includes/swagger/cds_energy_sdh.json | 2 +- docs/includes/swagger/cds_energy_sdh.yaml | 2 +- docs/includes/swagger/cds_register.json | 2 +- docs/includes/swagger/cds_register.yaml | 2 +- docs/includes/swagger/cds_telco.json | 2 +- docs/includes/swagger/cds_telco.yaml | 2 +- docs/index.html | 69 ++--- slate/source/includes/_telco_apis.md.erb | 3 - slate/source/includes/archives.md | 1 + slate/source/includes/cds_dcr.md | 4 +- slate/source/includes/changelog.md | 1 + .../_endpoint_version_schedule.md | 13 - slate/source/includes/introduction/_fdo.md | 7 - slate/source/includes/introduction/_intro.md | 6 +- .../releasenotes/releasenotes.1.23.0.html.md | 55 ++++ .../security/_client_registration.md.erb | 11 +- slate/source/includes/security/_tokens.md | 5 +- .../source/includes/standards/_versioning.md | 4 - slate/source/includes/swagger/cds_admin.json | 2 +- slate/source/includes/swagger/cds_admin.yaml | 2 +- .../source/includes/swagger/cds_banking.json | 2 +- .../source/includes/swagger/cds_banking.yaml | 2 +- slate/source/includes/swagger/cds_common.json | 2 +- slate/source/includes/swagger/cds_common.yaml | 2 +- slate/source/includes/swagger/cds_dcr.json | 11 +- slate/source/includes/swagger/cds_dcr.yaml | 13 +- slate/source/includes/swagger/cds_energy.json | 2 +- slate/source/includes/swagger/cds_energy.yaml | 2 +- .../includes/swagger/cds_energy_sdh.json | 2 +- .../includes/swagger/cds_energy_sdh.yaml | 2 +- .../source/includes/swagger/cds_register.json | 2 +- .../source/includes/swagger/cds_register.yaml | 2 +- slate/source/includes/swagger/cds_telco.json | 2 +- slate/source/includes/swagger/cds_telco.yaml | 2 +- swagger-gen/api/cds_admin.json | 2 +- swagger-gen/api/cds_banking.json | 2 +- swagger-gen/api/cds_common.json | 2 +- swagger-gen/api/cds_dcr.json | 12 +- swagger-gen/api/cds_energy.json | 2 +- swagger-gen/api/cds_energy_sdh.json | 2 +- swagger-gen/api/cds_register.json | 2 +- swagger-gen/api/cds_telco.json | 2 +- swagger-gen/cds_dcr.md | 4 +- 57 files changed, 478 insertions(+), 144 deletions(-) create mode 100644 docs/includes/releasenotes/releasenotes.1.23.0.html create mode 100644 slate/source/includes/releasenotes/releasenotes.1.23.0.html.md diff --git a/docs/includes/archives b/docs/includes/archives index 18cdc691..86f0c815 100644 --- a/docs/includes/archives +++ b/docs/includes/archives @@ -9,6 +9,11 @@ +22/03/2023 +1.22.1 +Changes arising from Change Request 576 (Maintenance iteration 14) + + 22/12/2022 1.22.0 Changes arising from Decision 271 (Maintenance iteration 13) diff --git a/docs/includes/cds_dcr b/docs/includes/cds_dcr index bc9d477c..4dc4e9d1 100644 --- a/docs/includes/cds_dcr +++ b/docs/includes/cds_dcr @@ -855,14 +855,14 @@ To perform this operation, you must be authenticated and authorised with the fol id_token_encrypted_response_alg ExternalRef -mandatory -JWE alg algorithm with which an id_token is to be encrypted +conditional +JWE alg algorithm with which an id_token is to be encrypted.

Required if OIDC Hybrid Flow (response type code id_token) is registered. id_token_encrypted_response_enc ExternalRef -mandatory -JWE enc algorithm with which an id_token is to be encrypted +conditional +JWE enc algorithm with which an id_token is to be encrypted.

Required if OIDC Hybrid Flow (response type code id_token) is registered. authorization_signed_response_alg diff --git a/docs/includes/changelog b/docs/includes/changelog index 5e8607a1..6e91782f 100644 --- a/docs/includes/changelog +++ b/docs/includes/changelog @@ -10,6 +10,12 @@ +14/04/2023 +1.23.0 +Changes arising from Decision Proposal 298 +See release notes and Decision 298 for details. + + 22/03/2023 1.22.1 Patch release including updates to draft Telco standards diff --git a/docs/includes/releasenotes/releasenotes.1.23.0.html b/docs/includes/releasenotes/releasenotes.1.23.0.html new file mode 100644 index 00000000..c5f7514b --- /dev/null +++ b/docs/includes/releasenotes/releasenotes.1.23.0.html @@ -0,0 +1,290 @@ + + + + + + + + Consumer Data Standards - v1.23.0 Release Notes + + + + + + + + + + + + NAV + Navbar + + + +
+
+

V1.23.0 Release Notes

+

Release notes for version v1.23.0 of the CDR Standards.

+

Changes Made

Change Requests

+

This release addresses the following change requests raised on Standards Maintenance:

+ + +

Decision Proposals

+

This release addresses the following Decision Proposals published on Standards:

+ + +

Introduction

+

No Change

+

High Level Standards

+

No Change

+

API End Points

+

No Change

+

Information Security Profile

+ + + + + + + + + + + + +
ChangeDescriptionLink
Allow id token encryption for Auth Code FlowChange Request #576: Updated Security Profile to allow encryption of id tokens when using Auth Code FlowSecurity Profile
+

Consumer Experience

+

No Change

+

Known Issues

+

No Change

+ +
+
+ + diff --git a/docs/includes/swagger/cds_admin.json b/docs/includes/swagger/cds_admin.json index 3b39911c..c1dc211e 100644 --- a/docs/includes/swagger/cds_admin.json +++ b/docs/includes/swagger/cds_admin.json @@ -12,7 +12,7 @@ "url" : "https://opensource.org/licenses/MIT" }, "title" : "CDR Admin API", - "version" : "1.22.1" + "version" : "1.23.0" }, "servers" : [ { "url" : "https://data.holder.com.au/cds-au/v1" diff --git a/docs/includes/swagger/cds_admin.yaml b/docs/includes/swagger/cds_admin.yaml index 52bda618..f43c750c 100644 --- a/docs/includes/swagger/cds_admin.yaml +++ b/docs/includes/swagger/cds_admin.yaml @@ -11,7 +11,7 @@ info: name: MIT License url: https://opensource.org/licenses/MIT title: CDR Admin API - version: 1.22.1 + version: 1.23.0 servers: - url: https://data.holder.com.au/cds-au/v1 paths: diff --git a/docs/includes/swagger/cds_banking.json b/docs/includes/swagger/cds_banking.json index a1042dcb..2f67cd16 100644 --- a/docs/includes/swagger/cds_banking.json +++ b/docs/includes/swagger/cds_banking.json @@ -12,7 +12,7 @@ "url" : "https://opensource.org/licenses/MIT" }, "title" : "CDR Banking API", - "version" : "1.22.1" + "version" : "1.23.0" }, "servers" : [ { "url" : "https://data.holder.com.au/cds-au/v1" diff --git a/docs/includes/swagger/cds_banking.yaml b/docs/includes/swagger/cds_banking.yaml index 79a2b23f..c3097d1b 100644 --- a/docs/includes/swagger/cds_banking.yaml +++ b/docs/includes/swagger/cds_banking.yaml @@ -11,7 +11,7 @@ info: name: MIT License url: https://opensource.org/licenses/MIT title: CDR Banking API - version: 1.22.1 + version: 1.23.0 servers: - url: https://data.holder.com.au/cds-au/v1 paths: diff --git a/docs/includes/swagger/cds_common.json b/docs/includes/swagger/cds_common.json index 3c027993..60e3b20b 100644 --- a/docs/includes/swagger/cds_common.json +++ b/docs/includes/swagger/cds_common.json @@ -12,7 +12,7 @@ "url" : "https://opensource.org/licenses/MIT" }, "title" : "CDR Common API", - "version" : "1.22.1" + "version" : "1.23.0" }, "servers" : [ { "url" : "https://data.holder.com.au/cds-au/v1" diff --git a/docs/includes/swagger/cds_common.yaml b/docs/includes/swagger/cds_common.yaml index a14c6af0..db1a051a 100644 --- a/docs/includes/swagger/cds_common.yaml +++ b/docs/includes/swagger/cds_common.yaml @@ -11,7 +11,7 @@ info: name: MIT License url: https://opensource.org/licenses/MIT title: CDR Common API - version: 1.22.1 + version: 1.23.0 servers: - url: https://data.holder.com.au/cds-au/v1 paths: diff --git a/docs/includes/swagger/cds_dcr.json b/docs/includes/swagger/cds_dcr.json index b2d2496a..1d169a0d 100644 --- a/docs/includes/swagger/cds_dcr.json +++ b/docs/includes/swagger/cds_dcr.json @@ -3,7 +3,7 @@ "info" : { "description" : "This specification defines the APIs for Data Holders exposing Dynamic Client Registration endpoints.", "title" : "CDR Dynamic Client Registration API", - "version" : "1.22.1" + "version" : "1.23.0" }, "servers" : [ { "url" : "https://data.holder.com.au/" @@ -454,13 +454,13 @@ "x-cds-type" : "Enum" }, "id_token_encrypted_response_alg" : { - "description" : "JWE `alg` algorithm with which an id_token is to be encrypted", + "description" : "JWE `alg` algorithm with which an id_token is to be encrypted.

Required if OIDC Hybrid Flow (response type `code id_token`) is registered.", "example" : "RSA-OAEP", "type" : "string", "x-cds-type" : "ExternalRef" }, "id_token_encrypted_response_enc" : { - "description" : "JWE `enc` algorithm with which an id_token is to be encrypted", + "description" : "JWE `enc` algorithm with which an id_token is to be encrypted.

Required if OIDC Hybrid Flow (response type `code id_token`) is registered.", "example" : "A256GCM", "type" : "string", "x-cds-type" : "ExternalRef" @@ -514,8 +514,9 @@ "type" : "string" } }, - "required" : [ "client_description", "client_id", "client_name", "client_uri", "grant_types", "id_token_encrypted_response_alg", "id_token_encrypted_response_enc", "id_token_signed_response_alg", "jwks_uri", "logo_uri", "org_id", "org_name", "redirect_uris", "request_object_signing_alg", "response_types", "scope", "software_id", "software_statement", "token_endpoint_auth_method", "token_endpoint_auth_signing_alg" ], - "type" : "object" + "required" : [ "client_description", "client_id", "client_name", "client_uri", "grant_types", "id_token_signed_response_alg", "jwks_uri", "logo_uri", "org_id", "org_name", "redirect_uris", "request_object_signing_alg", "response_types", "scope", "software_id", "software_statement", "token_endpoint_auth_method", "token_endpoint_auth_signing_alg" ], + "type" : "object", + "x-conditional" : [ "id_token_encrypted_response_alg", "id_token_encrypted_response_enc" ] }, "ClientRegistration" : { "allOf" : [ { diff --git a/docs/includes/swagger/cds_dcr.yaml b/docs/includes/swagger/cds_dcr.yaml index 4f6f49cf..e0929cf3 100644 --- a/docs/includes/swagger/cds_dcr.yaml +++ b/docs/includes/swagger/cds_dcr.yaml @@ -3,7 +3,7 @@ info: description: This specification defines the APIs for Data Holders exposing Dynamic Client Registration endpoints. title: CDR Dynamic Client Registration API - version: 1.22.1 + version: 1.23.0 servers: - url: https://data.holder.com.au/ paths: @@ -437,12 +437,14 @@ components: type: string x-cds-type: Enum id_token_encrypted_response_alg: - description: JWE `alg` algorithm with which an id_token is to be encrypted + description: JWE `alg` algorithm with which an id_token is to be encrypted.

Required + if OIDC Hybrid Flow (response type `code id_token`) is registered. example: RSA-OAEP type: string x-cds-type: ExternalRef id_token_encrypted_response_enc: - description: JWE `enc` algorithm with which an id_token is to be encrypted + description: JWE `enc` algorithm with which an id_token is to be encrypted.

Required + if OIDC Hybrid Flow (response type `code id_token`) is registered. example: A256GCM type: string x-cds-type: ExternalRef @@ -517,8 +519,6 @@ components: - client_name - client_uri - grant_types - - id_token_encrypted_response_alg - - id_token_encrypted_response_enc - id_token_signed_response_alg - jwks_uri - logo_uri @@ -533,6 +533,9 @@ components: - token_endpoint_auth_method - token_endpoint_auth_signing_alg type: object + x-conditional: + - id_token_encrypted_response_alg + - id_token_encrypted_response_enc ClientRegistration: allOf: - $ref: '#/components/schemas/ClientRegistration_allOf' diff --git a/docs/includes/swagger/cds_energy.json b/docs/includes/swagger/cds_energy.json index 004d787e..0a0ec76f 100644 --- a/docs/includes/swagger/cds_energy.json +++ b/docs/includes/swagger/cds_energy.json @@ -3,7 +3,7 @@ "info" : { "description" : "Consumer Data Right end points and payloads for the Energy sector", "title" : "CDR Energy API", - "version" : "1.22.1" + "version" : "1.23.0" }, "servers" : [ { "url" : "/" diff --git a/docs/includes/swagger/cds_energy.yaml b/docs/includes/swagger/cds_energy.yaml index 13a82331..9f5d2129 100644 --- a/docs/includes/swagger/cds_energy.yaml +++ b/docs/includes/swagger/cds_energy.yaml @@ -2,7 +2,7 @@ openapi: 3.0.3 info: description: Consumer Data Right end points and payloads for the Energy sector title: CDR Energy API - version: 1.22.1 + version: 1.23.0 servers: - url: / paths: diff --git a/docs/includes/swagger/cds_energy_sdh.json b/docs/includes/swagger/cds_energy_sdh.json index c3d85056..d5fe0eb1 100644 --- a/docs/includes/swagger/cds_energy_sdh.json +++ b/docs/includes/swagger/cds_energy_sdh.json @@ -3,7 +3,7 @@ "info" : { "description" : "Consumer Data Right end points and payloads for Secondary Data Holder for the Energy sector", "title" : "CDR Energy Secondary Data Holder API", - "version" : "1.22.1" + "version" : "1.23.0" }, "servers" : [ { "url" : "/" diff --git a/docs/includes/swagger/cds_energy_sdh.yaml b/docs/includes/swagger/cds_energy_sdh.yaml index 9af9a0a5..8ac1e742 100644 --- a/docs/includes/swagger/cds_energy_sdh.yaml +++ b/docs/includes/swagger/cds_energy_sdh.yaml @@ -3,7 +3,7 @@ info: description: Consumer Data Right end points and payloads for Secondary Data Holder for the Energy sector title: CDR Energy Secondary Data Holder API - version: 1.22.1 + version: 1.23.0 servers: - url: / paths: diff --git a/docs/includes/swagger/cds_register.json b/docs/includes/swagger/cds_register.json index 40e49716..000a799e 100644 --- a/docs/includes/swagger/cds_register.json +++ b/docs/includes/swagger/cds_register.json @@ -2,7 +2,7 @@ "openapi" : "3.0.3", "info" : { "title" : "CDR Participant Discovery API", - "version" : "1.22.1" + "version" : "1.23.0" }, "servers" : [ { "url" : "https:///" diff --git a/docs/includes/swagger/cds_register.yaml b/docs/includes/swagger/cds_register.yaml index 0b1cbd07..49811476 100644 --- a/docs/includes/swagger/cds_register.yaml +++ b/docs/includes/swagger/cds_register.yaml @@ -1,7 +1,7 @@ openapi: 3.0.3 info: title: CDR Participant Discovery API - version: 1.22.1 + version: 1.23.0 servers: - url: https:/// paths: diff --git a/docs/includes/swagger/cds_telco.json b/docs/includes/swagger/cds_telco.json index b0e1358c..636c88ca 100644 --- a/docs/includes/swagger/cds_telco.json +++ b/docs/includes/swagger/cds_telco.json @@ -12,7 +12,7 @@ "url" : "https://opensource.org/licenses/MIT" }, "title" : "CDR Telco API", - "version" : "1.22.1" + "version" : "1.23.0" }, "servers" : [ { "url" : "https://data.holder.com.au/cds-au/v1" diff --git a/docs/includes/swagger/cds_telco.yaml b/docs/includes/swagger/cds_telco.yaml index 71983504..94e2f703 100644 --- a/docs/includes/swagger/cds_telco.yaml +++ b/docs/includes/swagger/cds_telco.yaml @@ -11,7 +11,7 @@ info: name: MIT License url: https://opensource.org/licenses/MIT title: CDR Telco API - version: 1.22.1 + version: 1.23.0 servers: - url: https://data.holder.com.au/cds-au/v1 paths: diff --git a/docs/index.html b/docs/index.html index e469d934..fea60a7e 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1757,7 +1757,6 @@

Introduction

This text is an example of text removed from the standards: - Old text removed Note: changes to request and response payloads are listed at the beginning of the relevant API section due to the documentation being auto generated from OpenAPI specification files. -Additional note for v1.22.0: For this version only the delta statements from v1.21.0 have been retained in v1.22.0 as the release dates between the two versions were close together. The affected delta statements will be noted as being associated with v1.21.0

These standards have been developed as part of the Australian Government's introduction of the Consumer Data Right legislation to give Australians greater control over their data.

@@ -1773,14 +1772,11 @@

Introduction

  • where the standards are specified as binding standards as required by the Consumer Data Right rules for the purposes of s56FA of the legislation, they apply as under contract between a data holder and an accredited data recipient. The legal effect of binding standards as between data holders and accredited data recipients is fully set out in s56FD and s56FE of the legislation.
  • -
    + Added binding statement in response to legal advice
    -
    -

    Some of these standards will be binding data standards under the Competition and Consumer (Consumer Data Right) Data Standards (No. 1) 2023. See that instrument here. In summary, provisions of these standards (as they exist from time to time) that impose obligations or prohibitions on CDR entities are binding data standards. Provisions included in these standards merely by way of guidance are not binding data standards.

    Version

    -

    These standards represent version 1.22.1 of the high level standards. See the versioning section for more information on how versions are managed in the standard.

    +

    These standards represent version 1.23.0 of the high level standards. See the versioning section for more information on how versions are managed in the standard.

    Interpretation

    @@ -1792,13 +1788,6 @@

    Future Dated Obligations

    The table below highlights these areas of the standards.

    -
    Removed obligations more than six months in the past
    -
    -Reordered FDO entries by applicable date
    -
    -Corrected some typos
    -
    - @@ -1965,18 +1954,8 @@

    Register Dependency Schedule

    The actual release dates for the Register APIs are expected to occur prior to these dates and are not defined by the Standards.

    -

    Endpoint Version Schedule

    Updated the obligation dates schedule to have correct
    -numbers for each date
    -
    -Removed entries in the obligation dates schedule older
    -than six months
    -
    -Corrected the year of the obligation date for Get
    -Energy Account Detail V2
    +

    Endpoint Version Schedule

    -Corrected link to go directly to the end point version -schedule -

    A table-view of all endpoint versioning is available here.

    Normative References

    @@ -2355,15 +2334,14 @@

    End Point Versioning

    Each end point will have multiple versions independent of other end points. A specific end point version will be requested by a client using a HTTP header. This header will be supported by all end points under the API standards. See the section on HTTP Headers for more information on how versions are requested and supplied under the standards.

    -
    Corrected link to go directly to the end point version
    -schedule
    -

    A table-view of all endpoint versioning is available here.

    URI Structure

    +

    Some example URIs that meet this standard are:

    +
    1. https://www.bank.com.au/api/cds-au/v1/banking/accounts  
     2. https://www.bank.com.au/api/cds-au/v1/banking/accounts/abc123/transactions/?x=y#bar  
     3. https://www.bank.com.au/complex/uri/taxonomy/cds-au/v1/banking/products?page=2  
    @@ -5309,7 +5287,9 @@ 

    SSA Definition

    Section

    Get Software Statement Assertion API v1 & v2 has the scope claim explicitly defined.

    -

    Registration Request using JWT

    +

    Registration Request using JWT

    Removed following requirement from id_token_encrypted_response_alg and id_token_encrypted_response_enc fields:
    +- Must be ignored for Authorization Code Flow
    +

    Example Request Client registration with OpenID Hybrid Flow

    @@ -5479,13 +5459,13 @@

    Registration Request using JWT

    id_token_encrypted_response_alg -Required -JWE alg algorithm with which an id_token is to be encrypted.

    Required if OIDC Hybrid Flow (response_type “code id_token”) is registered. Must be ignored for Authorization Code Flow. +Conditional +JWE alg algorithm with which an id_token is to be encrypted.

    Required if OIDC Hybrid Flow (response type code id_token) is registered. id_token_encrypted_response_enc -Required -JWE enc algorithm with which an id_token is to be encrypted.

    Required if OIDC Hybrid Flow (response_type “code id_token”) is registered. Must be ignored for Authorization Code Flow. +Conditional +JWE enc algorithm with which an id_token is to be encrypted.

    Required if OIDC Hybrid Flow (response type code id_token) is registered. authorization_signed_response_alg @@ -6146,8 +6126,9 @@
    Hashing value for state
  • The c_hash value MUST be generated according to section 3.3.2.11 of [OIDC].
  • The s_hash value MUST be generated according to section 5.1.1 of [FAPI-1.0-Advanced].
  • -

    Authorization Code Flow requirements

    -

    For response_type “code”, in accordance with [FAPI-1.0-Advanced], ID Tokens MUST be signed and MUST NOT be encrypted when returned to a Data Recipient Software Product from the Token End Point.

    +

    Authorization Code Flow requirements

    Authorization Code Flow requirements: Removed requirement stating ID tokens MUST NOT be encrypted
    +
    +

    For response_type code, in accordance with [FAPI-1.0-Advanced], ID Tokens MUST be signed when returned to a Data Recipient Software Product from the Token End Point.

    Access Token

    Access Tokens MUST be used as specified in section 10.3 of [OAUTH2].

    @@ -8517,14 +8498,14 @@

    RegistrationProperties id_token_encrypted_response_alg ExternalRef -mandatory -JWE alg algorithm with which an id_token is to be encrypted +conditional +JWE alg algorithm with which an id_token is to be encrypted.

    Required if OIDC Hybrid Flow (response type code id_token) is registered. id_token_encrypted_response_enc ExternalRef -mandatory -JWE enc algorithm with which an id_token is to be encrypted +conditional +JWE enc algorithm with which an id_token is to be encrypted.

    Required if OIDC Hybrid Flow (response type code id_token) is registered. authorization_signed_response_alg @@ -43401,8 +43382,7 @@

    Telco APIs

    -
    Telco draft standards have been updated in accordance with feedback obtained via consultation
    -
    + @@ -65032,6 +65012,12 @@

    Change Log

    + + + + + + @@ -65469,6 +65455,11 @@

    Archives

    + + + + + diff --git a/slate/source/includes/_telco_apis.md.erb b/slate/source/includes/_telco_apis.md.erb index 8c477454..8b2ba0dd 100644 --- a/slate/source/includes/_telco_apis.md.erb +++ b/slate/source/includes/_telco_apis.md.erb @@ -8,9 +8,6 @@ This specification defines the APIs for Data Holders exposing Telecommunications Note that the standards for the telecommunications sector are currently in draft only and are not binding -```diff -Telco draft standards have been updated in accordance with feedback obtained via consultation -```
    Telco OpenAPI Specification (JSON)
    Telco OpenAPI Specification (YAML)
    14/04/20231.23.0Changes arising from Decision Proposal 298See release notes and Decision 298 for details.
    22/03/2023 1.22.1 Patch release including updates to draft Telco standards
    22/03/20231.22.1Changes arising from Change Request 576 (Maintenance iteration 14)
    22/12/2022 1.22.0 Changes arising from Decision 271 (Maintenance iteration 13)
    diff --git a/slate/source/includes/archives.md b/slate/source/includes/archives.md index 55e3ee40..c9a666e4 100644 --- a/slate/source/includes/archives.md +++ b/slate/source/includes/archives.md @@ -4,6 +4,7 @@ The following table lists archived versions of the Consumer Data Standards. The |Releases Date|Version|Description| |-------------|-------|-----------| +|22/03/2023|1.22.1|Changes arising from Change Request 576 (Maintenance iteration 14)| |22/12/2022|1.22.0|Changes arising from Decision 271 (Maintenance iteration 13)| |16/12/2022|1.21.0|Changes arising from Decision 282| |13/11/2022|1.20.0|Changes arising from Decision 259 (Maintenance iteration 12)| diff --git a/slate/source/includes/cds_dcr.md b/slate/source/includes/cds_dcr.md index c858d800..6b74558d 100644 --- a/slate/source/includes/cds_dcr.md +++ b/slate/source/includes/cds_dcr.md @@ -533,8 +533,8 @@ To perform this operation, you must be authenticated and authorised with the fol |response_types|[string]|mandatory|Array of the OAuth 2.0 response type strings that the client can use at the authorization endpoint.

    Response type value `code` is required for Authorization Code Flow. Response type value `code id_token` is required for OIDC Hybrid Flow.| |application_type|[Enum](#common-field-types)|optional|Kind of the application. The only supported application type will be `web`| |id_token_signed_response_alg|[Enum](#common-field-types)|mandatory|Algorithm with which an id_token is to be signed| -|id_token_encrypted_response_alg|[ExternalRef](#common-field-types)|mandatory|JWE `alg` algorithm with which an id_token is to be encrypted| -|id_token_encrypted_response_enc|[ExternalRef](#common-field-types)|mandatory|JWE `enc` algorithm with which an id_token is to be encrypted| +|id_token_encrypted_response_alg|[ExternalRef](#common-field-types)|conditional|JWE `alg` algorithm with which an id_token is to be encrypted.

    Required if OIDC Hybrid Flow (response type `code id_token`) is registered.| +|id_token_encrypted_response_enc|[ExternalRef](#common-field-types)|conditional|JWE `enc` algorithm with which an id_token is to be encrypted.

    Required if OIDC Hybrid Flow (response type `code id_token`) is registered.| |authorization_signed_response_alg|string|optional|The JWS `alg` algorithm required for signing authorization responses. If this is specified, the response will be signed using JWS and the configured algorithm. The algorithm “none” is not allowed.

    Required if response_type of “code” is registered by the client.| |authorization_encrypted_response_alg|string|optional|The JWE `alg` algorithm required for encrypting authorization responses. If unspecified, the default is that no encryption is performed.

    Required if “authorization_encrypted_response_enc” is included.| |authorization_encrypted_response_enc|string|optional|The JWE `enc` algorithm required for encrypting authorization responses. If “authorization_encrypted_response_alg” is specified, the default for this value is “A128CBC-HS256”.| diff --git a/slate/source/includes/changelog.md b/slate/source/includes/changelog.md index f5cbfccb..d2736c62 100644 --- a/slate/source/includes/changelog.md +++ b/slate/source/includes/changelog.md @@ -4,6 +4,7 @@ The following table lists the changes made to these standards in reverse date or |Change Date|Version|Description|Detail Of change| |-----------|-------|-----------|----------------| +|14/04/2023| 1.23.0 | Changes arising from Decision Proposal 298 | See [release notes](includes/releasenotes/releasenotes.1.23.0.html) and [Decision 298](https://github.com/ConsumerDataStandardsAustralia/standards/issues/298) for details. | |22/03/2023| 1.22.1 | Patch release including updates to draft Telco standards | See [release notes](includes/releasenotes/releasenotes.1.22.1.html) for details. | |22/12/2022| 1.22.0 | Changes arising from Decision 271 (Maintenance iteration 13) | See [release notes](includes/releasenotes/releasenotes.1.22.0.html) and [Decision 272](https://github.com/ConsumerDataStandardsAustralia/standards/issues/272) for details. | |16/12/2022| 1.21.0 | Changes arising from Decision 282 | See [release notes](includes/releasenotes/releasenotes.1.21.0.html) and [Decision 282](https://github.com/ConsumerDataStandardsAustralia/standards/issues/282) for details. | diff --git a/slate/source/includes/introduction/_endpoint_version_schedule.md b/slate/source/includes/introduction/_endpoint_version_schedule.md index 612489af..aeac802b 100644 --- a/slate/source/includes/introduction/_endpoint_version_schedule.md +++ b/slate/source/includes/introduction/_endpoint_version_schedule.md @@ -1,18 +1,5 @@ ## Endpoint Version Schedule -```diff -Updated the obligation dates schedule to have correct -numbers for each date - -Removed entries in the obligation dates schedule older -than six months - -Corrected the year of the obligation date for Get -Energy Account Detail V2 - -Corrected link to go directly to the end point version -schedule -``` A table-view of all endpoint versioning is available here. diff --git a/slate/source/includes/introduction/_fdo.md b/slate/source/includes/introduction/_fdo.md index 4fcb3b1e..3948b0a9 100644 --- a/slate/source/includes/introduction/_fdo.md +++ b/slate/source/includes/introduction/_fdo.md @@ -4,13 +4,6 @@ The standards, as published from time to time, may include specific statements i The table below highlights these areas of the standards. -```diff -Removed obligations more than six months in the past - -Reordered FDO entries by applicable date - -Corrected some typos -``` |Section|Description|Applicable Date| |-------|-----------|---------------| diff --git a/slate/source/includes/introduction/_intro.md b/slate/source/includes/introduction/_intro.md index a3967b4f..9055652c 100644 --- a/slate/source/includes/introduction/_intro.md +++ b/slate/source/includes/introduction/_intro.md @@ -6,7 +6,6 @@ This text is an example of a new addition to the standards: This text is an example of text removed from the standards: - Old text removed Note: changes to request and response payloads are listed at the beginning of the relevant API section due to the documentation being auto generated from OpenAPI specification files. -Additional note for v1.22.0: For this version only the delta statements from v1.21.0 have been retained in v1.22.0 as the release dates between the two versions were close together. The affected delta statements will be noted as being associated with v1.21.0 ``` These standards have been developed as part of the Australian Government's introduction of the [Consumer Data Right](https://www.accc.gov.au/focus-areas/consumer-data-right "ACCC Consumer Data Right webpage") legislation to give Australians greater control over their data. @@ -20,15 +19,12 @@ The standards are required to be published. The obligations on CDR participants - where the rules require compliance with the standards, non-compliance with the standards may constitute a breach of the rules. - where the standards are specified as binding standards as required by the Consumer Data Right rules for the purposes of s56FA of the legislation, they apply as under contract between a data holder and an accredited data recipient. The legal effect of binding standards as between data holders and accredited data recipients is fully set out in s56FD and s56FE of the legislation. -```diff -+ Added binding statement in response to legal advice -``` Some of these standards will be binding data standards under the Competition and Consumer (Consumer Data Right) Data Standards (No. 1) 2023. See that instrument [here](https://consumerdatastandards.gov.au/sites/consumerdatastandards.gov.au/files/2023-02/Competition%20and%20Consumer%20%28Consumer%20Data%20Right%29%20Data%20Standards%20%28No.%201%29%202023%20executed.pdf). In summary, provisions of these standards (as they exist from time to time) that impose obligations or prohibitions on CDR entities are binding data standards. Provisions included in these standards merely by way of guidance are not binding data standards. ## Version -These standards represent version 1.22.1 of the high level standards. See the [versioning section](#versioning) for more information on how versions are managed in the standard. +These standards represent version 1.23.0 of the high level standards. See the [versioning section](#versioning) for more information on how versions are managed in the standard. ## Interpretation diff --git a/slate/source/includes/releasenotes/releasenotes.1.23.0.html.md b/slate/source/includes/releasenotes/releasenotes.1.23.0.html.md new file mode 100644 index 00000000..89410d1f --- /dev/null +++ b/slate/source/includes/releasenotes/releasenotes.1.23.0.html.md @@ -0,0 +1,55 @@ +--- +title: Consumer Data Standards - v1.23.0 Release Notes + +#language_tabs: # must be one of https://git.io/vQNgJ + +toc_footers: + - Consumer Data Standards + +search: false +--- + +# V1.23.0 Release Notes +Release notes for version v1.23.0 of the [CDR Standards](../../index.html). + +## Changes Made +### Change Requests + +This release addresses the following change requests raised on [Standards Maintenance](https://github.com/ConsumerDataStandardsAustralia/standards-maintenance/issues): + +- [Standards Maintenance Issue 576: Change id token encryption documentation to allow for use in Hybrid flow and ACF](https://github.com/ConsumerDataStandardsAustralia/standards-maintenance/issues/576) + +### Decision Proposals + +This release addresses the following Decision Proposals published on [Standards](https://github.com/ConsumerDataStandardsAustralia/standards/issues): + +- [Decision Proposal 298](https://github.com/ConsumerDataStandardsAustralia/standards/issues/298) + +## Introduction + +No Change + +## High Level Standards + +No Change + + +## API End Points + +No Change + + +## Information Security Profile + +|Change|Description|Link| +|------|-----------|----| +| Allow id token encryption for Auth Code Flow | [**Change Request #576**](https://github.com/ConsumerDataStandardsAustralia/standards-maintenance/issues/576): Updated Security Profile to allow encryption of id tokens when using Auth Code Flow | [Security Profile](../../#security-profile) | + + +## Consumer Experience + +No Change + +## Known Issues + +No Change diff --git a/slate/source/includes/security/_client_registration.md.erb b/slate/source/includes/security/_client_registration.md.erb index 755ad738..9c21c3ca 100644 --- a/slate/source/includes/security/_client_registration.md.erb +++ b/slate/source/includes/security/_client_registration.md.erb @@ -137,6 +137,11 @@ Get Software Statement Assertion API [v1](includes/obsolete/get-software-stateme ### Registration Request using JWT +```diff +Removed following requirement from id_token_encrypted_response_alg and id_token_encrypted_response_enc fields: +- Must be ignored for Authorization Code Flow +``` + > Example Request > Client registration with OpenID Hybrid Flow @@ -228,7 +233,6 @@ Accept: application/json } ``` - To register with a Data Holder, the Data Recipient sends an HTTP POST to the Data Holder registration endpoint. * The request **MUST** be presented in the format of a **[[RFC7519]](#nref-RFC7519)** compliant JWT. @@ -251,15 +255,14 @@ The client registration request **MUST** contain the following claims in the JWT |**response_types**| Required | Array of the OAuth 2.0 response type strings that the client can use at the authorization endpoint. **values: ["code", "code id_token"]**

    Response type value “code” is required for Authorization Code Flow. Response type value “code id_token” is required for OIDC Hybrid Flow. |**application_type**| Optional | Kind of the application. The only supported application type will be **web** |**id_token_signed_response_alg**| Required | Algorithm with which an id_token is to be signed

    Supported values as constrained by **[[FAPI-1.0-Advanced]](#nref-FAPI-1-0-Advanced)**. Required for both Authorization Code Flow (`response_type` “code”) and OIDC Hybrid Flow (`response_type` “code id_token”). -|**id_token_encrypted_response_alg**| Required | JWE `alg` algorithm with which an id_token is to be encrypted.

    Required if OIDC Hybrid Flow (response_type “code id_token”) is registered. Must be ignored for Authorization Code Flow. -|**id_token_encrypted_response_enc**| Required | JWE `enc` algorithm with which an id_token is to be encrypted.

    Required if OIDC Hybrid Flow (response_type “code id_token”) is registered. Must be ignored for Authorization Code Flow. +|**id_token_encrypted_response_alg**| Conditional | JWE `alg` algorithm with which an id_token is to be encrypted.

    Required if OIDC Hybrid Flow (response type `code id_token`) is registered. +|**id_token_encrypted_response_enc**| Conditional | JWE `enc` algorithm with which an id_token is to be encrypted.

    Required if OIDC Hybrid Flow (response type `code id_token`) is registered. |**authorization_signed_response_alg**| Conditional | The JWS alg algorithm required for signing authorization responses. If this is specified, the response will be signed using JWS and the configured algorithm. The algorithm “none” is not allowed.

    Required if response_type of “code” is registered by the client. |**authorization_encrypted_response_alg**|Conditional|The JWE alg algorithm required for encrypting authorization responses. If unspecified, the default is that no encryption is performed.

    Required if “authorization_encrypted_response_enc” is included. |**authorization_encrypted_response_enc**|Optional|The JWE enc algorithm required for encrypting authorization responses. If “authorization_encrypted_response_alg” is specified, the default for this value is “A128CBC-HS256”. |**request_object_signing_alg**| Optional | Algorithm which the ADR expects to sign the request object if a request object will be part of the authorization request sent to the Data Holder

    If field not present in the request, data holders are expected to respond with an appropriate default value

    Supported values as constrained by **[[FAPI-RW-Draft]](#nref-FAPI-RW-Draft)** |**software_statement**| Required | Software statement assertion issued by the CDR Register - #### ID Token Algorithm Selection Considerations When requiring ID Token encryption, the following requirements are applicable. diff --git a/slate/source/includes/security/_tokens.md b/slate/source/includes/security/_tokens.md index d37dd3ab..d80c1999 100644 --- a/slate/source/includes/security/_tokens.md +++ b/slate/source/includes/security/_tokens.md @@ -58,8 +58,11 @@ The following requirements apply to the OIDC Hybrid Flow: #### Authorization Code Flow requirements -For response_type “code”, in accordance with **[[FAPI-1.0-Advanced]](#nref-FAPI-1-0-Advanced)**, ID Tokens **MUST** be signed and **MUST NOT** be encrypted when returned to a Data Recipient Software Product from the Token End Point. +```diff +Authorization Code Flow requirements: Removed requirement stating ID tokens MUST NOT be encrypted +``` +For `response_type` `code`, in accordance with **[[FAPI-1.0-Advanced]](#nref-FAPI-1-0-Advanced)**, ID Tokens **MUST** be signed when returned to a Data Recipient Software Product from the Token End Point. ### Access Token Access Tokens **MUST** be used as specified in [section 10.3] (https://tools.ietf.org/html/rfc6749#section-10.3) of **[[OAUTH2]](#nref-OAUTH2)**. diff --git a/slate/source/includes/standards/_versioning.md b/slate/source/includes/standards/_versioning.md index 2c2b2f4b..10190cfe 100644 --- a/slate/source/includes/standards/_versioning.md +++ b/slate/source/includes/standards/_versioning.md @@ -26,9 +26,5 @@ The high level standard will be versioned as described above. The major compone ###End Point Versioning Each end point will have multiple versions independent of other end points. A specific end point version will be requested by a client using a HTTP header. This header will be supported by all end points under the API standards. See the section on [HTTP Headers](#http-headers) for more information on how versions are requested and supplied under the standards. -```diff -Corrected link to go directly to the end point version -schedule -``` A table-view of all endpoint versioning is available here. diff --git a/slate/source/includes/swagger/cds_admin.json b/slate/source/includes/swagger/cds_admin.json index 3b39911c..c1dc211e 100644 --- a/slate/source/includes/swagger/cds_admin.json +++ b/slate/source/includes/swagger/cds_admin.json @@ -12,7 +12,7 @@ "url" : "https://opensource.org/licenses/MIT" }, "title" : "CDR Admin API", - "version" : "1.22.1" + "version" : "1.23.0" }, "servers" : [ { "url" : "https://data.holder.com.au/cds-au/v1" diff --git a/slate/source/includes/swagger/cds_admin.yaml b/slate/source/includes/swagger/cds_admin.yaml index 52bda618..f43c750c 100644 --- a/slate/source/includes/swagger/cds_admin.yaml +++ b/slate/source/includes/swagger/cds_admin.yaml @@ -11,7 +11,7 @@ info: name: MIT License url: https://opensource.org/licenses/MIT title: CDR Admin API - version: 1.22.1 + version: 1.23.0 servers: - url: https://data.holder.com.au/cds-au/v1 paths: diff --git a/slate/source/includes/swagger/cds_banking.json b/slate/source/includes/swagger/cds_banking.json index a1042dcb..2f67cd16 100644 --- a/slate/source/includes/swagger/cds_banking.json +++ b/slate/source/includes/swagger/cds_banking.json @@ -12,7 +12,7 @@ "url" : "https://opensource.org/licenses/MIT" }, "title" : "CDR Banking API", - "version" : "1.22.1" + "version" : "1.23.0" }, "servers" : [ { "url" : "https://data.holder.com.au/cds-au/v1" diff --git a/slate/source/includes/swagger/cds_banking.yaml b/slate/source/includes/swagger/cds_banking.yaml index 79a2b23f..c3097d1b 100644 --- a/slate/source/includes/swagger/cds_banking.yaml +++ b/slate/source/includes/swagger/cds_banking.yaml @@ -11,7 +11,7 @@ info: name: MIT License url: https://opensource.org/licenses/MIT title: CDR Banking API - version: 1.22.1 + version: 1.23.0 servers: - url: https://data.holder.com.au/cds-au/v1 paths: diff --git a/slate/source/includes/swagger/cds_common.json b/slate/source/includes/swagger/cds_common.json index 3c027993..60e3b20b 100644 --- a/slate/source/includes/swagger/cds_common.json +++ b/slate/source/includes/swagger/cds_common.json @@ -12,7 +12,7 @@ "url" : "https://opensource.org/licenses/MIT" }, "title" : "CDR Common API", - "version" : "1.22.1" + "version" : "1.23.0" }, "servers" : [ { "url" : "https://data.holder.com.au/cds-au/v1" diff --git a/slate/source/includes/swagger/cds_common.yaml b/slate/source/includes/swagger/cds_common.yaml index a14c6af0..db1a051a 100644 --- a/slate/source/includes/swagger/cds_common.yaml +++ b/slate/source/includes/swagger/cds_common.yaml @@ -11,7 +11,7 @@ info: name: MIT License url: https://opensource.org/licenses/MIT title: CDR Common API - version: 1.22.1 + version: 1.23.0 servers: - url: https://data.holder.com.au/cds-au/v1 paths: diff --git a/slate/source/includes/swagger/cds_dcr.json b/slate/source/includes/swagger/cds_dcr.json index b2d2496a..1d169a0d 100644 --- a/slate/source/includes/swagger/cds_dcr.json +++ b/slate/source/includes/swagger/cds_dcr.json @@ -3,7 +3,7 @@ "info" : { "description" : "This specification defines the APIs for Data Holders exposing Dynamic Client Registration endpoints.", "title" : "CDR Dynamic Client Registration API", - "version" : "1.22.1" + "version" : "1.23.0" }, "servers" : [ { "url" : "https://data.holder.com.au/" @@ -454,13 +454,13 @@ "x-cds-type" : "Enum" }, "id_token_encrypted_response_alg" : { - "description" : "JWE `alg` algorithm with which an id_token is to be encrypted", + "description" : "JWE `alg` algorithm with which an id_token is to be encrypted.

    Required if OIDC Hybrid Flow (response type `code id_token`) is registered.", "example" : "RSA-OAEP", "type" : "string", "x-cds-type" : "ExternalRef" }, "id_token_encrypted_response_enc" : { - "description" : "JWE `enc` algorithm with which an id_token is to be encrypted", + "description" : "JWE `enc` algorithm with which an id_token is to be encrypted.

    Required if OIDC Hybrid Flow (response type `code id_token`) is registered.", "example" : "A256GCM", "type" : "string", "x-cds-type" : "ExternalRef" @@ -514,8 +514,9 @@ "type" : "string" } }, - "required" : [ "client_description", "client_id", "client_name", "client_uri", "grant_types", "id_token_encrypted_response_alg", "id_token_encrypted_response_enc", "id_token_signed_response_alg", "jwks_uri", "logo_uri", "org_id", "org_name", "redirect_uris", "request_object_signing_alg", "response_types", "scope", "software_id", "software_statement", "token_endpoint_auth_method", "token_endpoint_auth_signing_alg" ], - "type" : "object" + "required" : [ "client_description", "client_id", "client_name", "client_uri", "grant_types", "id_token_signed_response_alg", "jwks_uri", "logo_uri", "org_id", "org_name", "redirect_uris", "request_object_signing_alg", "response_types", "scope", "software_id", "software_statement", "token_endpoint_auth_method", "token_endpoint_auth_signing_alg" ], + "type" : "object", + "x-conditional" : [ "id_token_encrypted_response_alg", "id_token_encrypted_response_enc" ] }, "ClientRegistration" : { "allOf" : [ { diff --git a/slate/source/includes/swagger/cds_dcr.yaml b/slate/source/includes/swagger/cds_dcr.yaml index 4f6f49cf..e0929cf3 100644 --- a/slate/source/includes/swagger/cds_dcr.yaml +++ b/slate/source/includes/swagger/cds_dcr.yaml @@ -3,7 +3,7 @@ info: description: This specification defines the APIs for Data Holders exposing Dynamic Client Registration endpoints. title: CDR Dynamic Client Registration API - version: 1.22.1 + version: 1.23.0 servers: - url: https://data.holder.com.au/ paths: @@ -437,12 +437,14 @@ components: type: string x-cds-type: Enum id_token_encrypted_response_alg: - description: JWE `alg` algorithm with which an id_token is to be encrypted + description: JWE `alg` algorithm with which an id_token is to be encrypted.

    Required + if OIDC Hybrid Flow (response type `code id_token`) is registered. example: RSA-OAEP type: string x-cds-type: ExternalRef id_token_encrypted_response_enc: - description: JWE `enc` algorithm with which an id_token is to be encrypted + description: JWE `enc` algorithm with which an id_token is to be encrypted.

    Required + if OIDC Hybrid Flow (response type `code id_token`) is registered. example: A256GCM type: string x-cds-type: ExternalRef @@ -517,8 +519,6 @@ components: - client_name - client_uri - grant_types - - id_token_encrypted_response_alg - - id_token_encrypted_response_enc - id_token_signed_response_alg - jwks_uri - logo_uri @@ -533,6 +533,9 @@ components: - token_endpoint_auth_method - token_endpoint_auth_signing_alg type: object + x-conditional: + - id_token_encrypted_response_alg + - id_token_encrypted_response_enc ClientRegistration: allOf: - $ref: '#/components/schemas/ClientRegistration_allOf' diff --git a/slate/source/includes/swagger/cds_energy.json b/slate/source/includes/swagger/cds_energy.json index 004d787e..0a0ec76f 100644 --- a/slate/source/includes/swagger/cds_energy.json +++ b/slate/source/includes/swagger/cds_energy.json @@ -3,7 +3,7 @@ "info" : { "description" : "Consumer Data Right end points and payloads for the Energy sector", "title" : "CDR Energy API", - "version" : "1.22.1" + "version" : "1.23.0" }, "servers" : [ { "url" : "/" diff --git a/slate/source/includes/swagger/cds_energy.yaml b/slate/source/includes/swagger/cds_energy.yaml index 13a82331..9f5d2129 100644 --- a/slate/source/includes/swagger/cds_energy.yaml +++ b/slate/source/includes/swagger/cds_energy.yaml @@ -2,7 +2,7 @@ openapi: 3.0.3 info: description: Consumer Data Right end points and payloads for the Energy sector title: CDR Energy API - version: 1.22.1 + version: 1.23.0 servers: - url: / paths: diff --git a/slate/source/includes/swagger/cds_energy_sdh.json b/slate/source/includes/swagger/cds_energy_sdh.json index c3d85056..d5fe0eb1 100644 --- a/slate/source/includes/swagger/cds_energy_sdh.json +++ b/slate/source/includes/swagger/cds_energy_sdh.json @@ -3,7 +3,7 @@ "info" : { "description" : "Consumer Data Right end points and payloads for Secondary Data Holder for the Energy sector", "title" : "CDR Energy Secondary Data Holder API", - "version" : "1.22.1" + "version" : "1.23.0" }, "servers" : [ { "url" : "/" diff --git a/slate/source/includes/swagger/cds_energy_sdh.yaml b/slate/source/includes/swagger/cds_energy_sdh.yaml index 9af9a0a5..8ac1e742 100644 --- a/slate/source/includes/swagger/cds_energy_sdh.yaml +++ b/slate/source/includes/swagger/cds_energy_sdh.yaml @@ -3,7 +3,7 @@ info: description: Consumer Data Right end points and payloads for Secondary Data Holder for the Energy sector title: CDR Energy Secondary Data Holder API - version: 1.22.1 + version: 1.23.0 servers: - url: / paths: diff --git a/slate/source/includes/swagger/cds_register.json b/slate/source/includes/swagger/cds_register.json index 40e49716..000a799e 100644 --- a/slate/source/includes/swagger/cds_register.json +++ b/slate/source/includes/swagger/cds_register.json @@ -2,7 +2,7 @@ "openapi" : "3.0.3", "info" : { "title" : "CDR Participant Discovery API", - "version" : "1.22.1" + "version" : "1.23.0" }, "servers" : [ { "url" : "https:///" diff --git a/slate/source/includes/swagger/cds_register.yaml b/slate/source/includes/swagger/cds_register.yaml index 0b1cbd07..49811476 100644 --- a/slate/source/includes/swagger/cds_register.yaml +++ b/slate/source/includes/swagger/cds_register.yaml @@ -1,7 +1,7 @@ openapi: 3.0.3 info: title: CDR Participant Discovery API - version: 1.22.1 + version: 1.23.0 servers: - url: https:/// paths: diff --git a/slate/source/includes/swagger/cds_telco.json b/slate/source/includes/swagger/cds_telco.json index b0e1358c..636c88ca 100644 --- a/slate/source/includes/swagger/cds_telco.json +++ b/slate/source/includes/swagger/cds_telco.json @@ -12,7 +12,7 @@ "url" : "https://opensource.org/licenses/MIT" }, "title" : "CDR Telco API", - "version" : "1.22.1" + "version" : "1.23.0" }, "servers" : [ { "url" : "https://data.holder.com.au/cds-au/v1" diff --git a/slate/source/includes/swagger/cds_telco.yaml b/slate/source/includes/swagger/cds_telco.yaml index 71983504..94e2f703 100644 --- a/slate/source/includes/swagger/cds_telco.yaml +++ b/slate/source/includes/swagger/cds_telco.yaml @@ -11,7 +11,7 @@ info: name: MIT License url: https://opensource.org/licenses/MIT title: CDR Telco API - version: 1.22.1 + version: 1.23.0 servers: - url: https://data.holder.com.au/cds-au/v1 paths: diff --git a/swagger-gen/api/cds_admin.json b/swagger-gen/api/cds_admin.json index d015f29c..4f8018b2 100644 --- a/swagger-gen/api/cds_admin.json +++ b/swagger-gen/api/cds_admin.json @@ -12,7 +12,7 @@ "name": "MIT License", "url": "https://opensource.org/licenses/MIT" }, - "version": "1.22.1" + "version": "1.23.0" }, "servers": [ { diff --git a/swagger-gen/api/cds_banking.json b/swagger-gen/api/cds_banking.json index 2d83cb10..a319c61d 100644 --- a/swagger-gen/api/cds_banking.json +++ b/swagger-gen/api/cds_banking.json @@ -12,7 +12,7 @@ "name": "MIT License", "url": "https://opensource.org/licenses/MIT" }, - "version": "1.22.1" + "version": "1.23.0" }, "servers": [ { diff --git a/swagger-gen/api/cds_common.json b/swagger-gen/api/cds_common.json index 26994886..5f1513af 100644 --- a/swagger-gen/api/cds_common.json +++ b/swagger-gen/api/cds_common.json @@ -12,7 +12,7 @@ "name": "MIT License", "url": "https://opensource.org/licenses/MIT" }, - "version": "1.22.1" + "version": "1.23.0" }, "servers": [ { diff --git a/swagger-gen/api/cds_dcr.json b/swagger-gen/api/cds_dcr.json index bc125783..bca698a4 100644 --- a/swagger-gen/api/cds_dcr.json +++ b/swagger-gen/api/cds_dcr.json @@ -3,7 +3,7 @@ "info": { "title": "CDR Dynamic Client Registration API", "description": "This specification defines the APIs for Data Holders exposing Dynamic Client Registration endpoints.", - "version": "1.22.1" + "version": "1.23.0" }, "servers": [ { @@ -269,8 +269,6 @@ "client_uri", "grant_types", "id_token_signed_response_alg", - "id_token_encrypted_response_alg", - "id_token_encrypted_response_enc", "jwks_uri", "logo_uri", "org_id", @@ -284,6 +282,10 @@ "token_endpoint_auth_method", "token_endpoint_auth_signing_alg" ], + "x-conditional": [ + "id_token_encrypted_response_alg", + "id_token_encrypted_response_enc" + ], "type": "object", "properties": { "client_id": { @@ -448,13 +450,13 @@ }, "id_token_encrypted_response_alg": { "type": "string", - "description": "JWE `alg` algorithm with which an id_token is to be encrypted", + "description": "JWE `alg` algorithm with which an id_token is to be encrypted.

    Required if OIDC Hybrid Flow (response type `code id_token`) is registered.", "example": "RSA-OAEP", "x-cds-type": "ExternalRef" }, "id_token_encrypted_response_enc": { "type": "string", - "description": "JWE `enc` algorithm with which an id_token is to be encrypted", + "description": "JWE `enc` algorithm with which an id_token is to be encrypted.

    Required if OIDC Hybrid Flow (response type `code id_token`) is registered.", "example": "A256GCM", "x-cds-type": "ExternalRef" }, diff --git a/swagger-gen/api/cds_energy.json b/swagger-gen/api/cds_energy.json index db58d5cf..8e6a67ff 100644 --- a/swagger-gen/api/cds_energy.json +++ b/swagger-gen/api/cds_energy.json @@ -3,7 +3,7 @@ "info": { "title": "CDR Energy API", "description": "Consumer Data Right end points and payloads for the Energy sector", - "version": "1.22.1" + "version": "1.23.0" }, "components": { "schemas": { diff --git a/swagger-gen/api/cds_energy_sdh.json b/swagger-gen/api/cds_energy_sdh.json index 34bc1452..731000a9 100644 --- a/swagger-gen/api/cds_energy_sdh.json +++ b/swagger-gen/api/cds_energy_sdh.json @@ -3,7 +3,7 @@ "info": { "title": "CDR Energy Secondary Data Holder API", "description": "Consumer Data Right end points and payloads for Secondary Data Holder for the Energy sector", - "version": "1.22.1" + "version": "1.23.0" }, "components": { "schemas": { diff --git a/swagger-gen/api/cds_register.json b/swagger-gen/api/cds_register.json index e3c2eb6a..bf1cc8f0 100644 --- a/swagger-gen/api/cds_register.json +++ b/swagger-gen/api/cds_register.json @@ -2,7 +2,7 @@ "openapi": "3.0.3", "info": { "title": "CDR Participant Discovery API", - "version": "1.22.1" + "version": "1.23.0" }, "servers": [ { diff --git a/swagger-gen/api/cds_telco.json b/swagger-gen/api/cds_telco.json index 0fff14b8..92cdd66f 100644 --- a/swagger-gen/api/cds_telco.json +++ b/swagger-gen/api/cds_telco.json @@ -12,7 +12,7 @@ "url": "https://opensource.org/licenses/MIT" }, "title": "CDR Telco API", - "version": "1.22.1" + "version": "1.23.0" }, "servers": [ { "url": "https://data.holder.com.au/cds-au/v1" diff --git a/swagger-gen/cds_dcr.md b/swagger-gen/cds_dcr.md index c858d800..6b74558d 100644 --- a/swagger-gen/cds_dcr.md +++ b/swagger-gen/cds_dcr.md @@ -533,8 +533,8 @@ To perform this operation, you must be authenticated and authorised with the fol |response_types|[string]|mandatory|Array of the OAuth 2.0 response type strings that the client can use at the authorization endpoint.

    Response type value `code` is required for Authorization Code Flow. Response type value `code id_token` is required for OIDC Hybrid Flow.| |application_type|[Enum](#common-field-types)|optional|Kind of the application. The only supported application type will be `web`| |id_token_signed_response_alg|[Enum](#common-field-types)|mandatory|Algorithm with which an id_token is to be signed| -|id_token_encrypted_response_alg|[ExternalRef](#common-field-types)|mandatory|JWE `alg` algorithm with which an id_token is to be encrypted| -|id_token_encrypted_response_enc|[ExternalRef](#common-field-types)|mandatory|JWE `enc` algorithm with which an id_token is to be encrypted| +|id_token_encrypted_response_alg|[ExternalRef](#common-field-types)|conditional|JWE `alg` algorithm with which an id_token is to be encrypted.

    Required if OIDC Hybrid Flow (response type `code id_token`) is registered.| +|id_token_encrypted_response_enc|[ExternalRef](#common-field-types)|conditional|JWE `enc` algorithm with which an id_token is to be encrypted.

    Required if OIDC Hybrid Flow (response type `code id_token`) is registered.| |authorization_signed_response_alg|string|optional|The JWS `alg` algorithm required for signing authorization responses. If this is specified, the response will be signed using JWS and the configured algorithm. The algorithm “none” is not allowed.

    Required if response_type of “code” is registered by the client.| |authorization_encrypted_response_alg|string|optional|The JWE `alg` algorithm required for encrypting authorization responses. If unspecified, the default is that no encryption is performed.

    Required if “authorization_encrypted_response_enc” is included.| |authorization_encrypted_response_enc|string|optional|The JWE `enc` algorithm required for encrypting authorization responses. If “authorization_encrypted_response_alg” is specified, the default for this value is “A128CBC-HS256”.|
    Telco OpenAPI Specification (JSON)