
Foreword

...

  1. The receiver shall validate the consistency of the JWS message's digital signature exclusively based on the information obtained from the directory, that is, based on the keys published in the institution's JWKS in the directory.

  2. Signatures must be performed using the digital signature certificate specified in the Open Finance Brazil Certificates Standard;

  3. The iat claim must be numeric in Unix Time format GMT+0 with a tolerance of +/- 60 seconds;

  4. The jti claim must be unique for a clientId within a time frame of 86,400 seconds (24h), and cannot be reused within this period. In case of reuse, the HTTP error code 403 shall be returned. Any other case must follow the RFC 6749 instructions in item 5.2.
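The following is an added example, not part of the specification text: a receiver-side check of items 3 and 4, run after the JWS signature has already been verified against the directory JWKS (item 1). The class name `ClaimChecker`, the in-memory store, measuring the 24h window from first acceptance, and the use of HTTP 400 for the non-replay failures (the default status in RFC 6749 section 5.2) are assumptions of this example.

```python
import time

IAT_TOLERANCE = 60    # seconds, item 3
JTI_WINDOW = 86_400   # seconds (24h), item 4


class ClaimChecker:
    """Checks iat and jti of a JWS payload whose signature is already verified.

    Hypothetical helper: state lives in a process-local dict; a multi-node
    deployment would need a shared store with per-key expiry instead.
    """

    def __init__(self):
        self._seen = {}  # (client_id, jti) -> time the jti was first accepted

    def _purge(self, now):
        # Drop entries older than the 24h window so the jti may be used again.
        for key in [k for k, t in self._seen.items() if now - t > JTI_WINDOW]:
            del self._seen[key]

    def check(self, client_id, claims, now=None):
        """Return (http_status, reason) for one verified message."""
        now = time.time() if now is None else now

        iat = claims.get("iat")
        # bool is a subclass of int in Python, so it is rejected explicitly.
        if isinstance(iat, bool) or not isinstance(iat, (int, float)):
            return 400, "iat missing or not numeric"
        # Written as "not <=" so that NaN (accepted by json.loads) also fails.
        if not abs(now - iat) <= IAT_TOLERANCE:
            return 400, "iat outside tolerance"

        jti = claims.get("jti")
        if not isinstance(jti, str) or not jti:
            return 400, "jti missing"

        self._purge(now)
        key = (client_id, jti)  # uniqueness is scoped to the clientId
        if key in self._seen:
            return 403, "jti reused"  # status mandated by item 4
        self._seen[key] = now
        return 200, "ok"
```

Rejected messages are never recorded, so a request that fails the iat check does not consume its jti.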

...