Is x-correlator support required at OIDC endpoints? #240
Labels
documentation
Improvements or additions to documentation
Comments
|
CAMARA defines the x-correlator header for CAMARA APIs calls as per https://github.com/camaraproject/Commonalities/blob/main/documentation/API-design-guidelines.md#9-architecture-headers. However, the authentication flows follow the OAuth/OIDC/CIBA standards and have their own interface definitions, errors, headers, etc. I see no reason for ICM to require x-correlator header for the authentication flows endpoints just because it is defined for CAMARA APIs requests/responses. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Context
The CAMARA APIs define
401and403error responses that include an optionalx-correlatorheader. For example, in SimSwap v1.0.0 and CAMARA_common.yaml r0.4.0. In architectures where the AZ validates the request before it reaches the service API,x-correlatorsupport may be required at the AZ level.Questions
GET /auth,POST /bc-authorize,POST /token)?x-correlatorbehaviour for401/403service API responses?The text was updated successfully, but these errors were encountered: