Comparação de Páginas

...

It's important to remember that the client registration payload has most of its attributes as non-mandatory, and that assigned values that conflict with those in the software statement assertion will be overridden by the values of the software statement assertion issued by the Directory of Participants. Not all metadata a client wishes to provide may be contained in a software statement, e.g alternative Metadata Languages and Script values. There are some cases where the client metadata are subset of the existing values in the SSA, such as redirect_URIs.

...

1. shall advertise its presence in the Open Finance Brasil ecosystem by being listed on the Directory of Participants;

2. shall advertise all Open Finance Brasil REST API resources protected by the OpenID Provider on the Directory of Participants;

3. shall advertise support for all signing, encryption, authentication mechanisms and standards required to support Open Finance Brasil Financial API;

4. shall advertise support for OpenID Dynamic Client Registration;

5. may advertise mtls_endpoint_aliases as per clause 5 RFC 8705 OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens the token_endpoint, registration_endpoint, userinfo_endpoint and push_authorization_request_endpoint;

6. if supporting Financial API - Client Initiated Back Channel Authentication shall advertise through OIDD mtls_endpoint_aliases the backchannel_authentication_endpoint;

7. shall not rotate the registration_access_token.

6.2. Client

The Client shall support OpenID Connect Discovery as required by Financial-grade API Security Profile 1.0 - Part 1: Baseline

...

...