Schema for Consent request token

Consent Request Token

Type: object

The Consent Request Token is a JWT used in the Consent Protocol to authenticate the application when it is requesting a new consent or to get a consent token for an already given consent. The token is sent in the X-Consent-Request-Token header and signed with a key published by the application developer through the party configuration. Below are details on fields or claims are required in the header and body of the token.


Example:

{
    "header": {
        "v": "0.2",
        "kid": "2d149479-88a6-4141-ad4c-b14c92f430bc",
        "alg": "RS256"
    },
    "body": {
        "iss": "https://example.com",
        "sub": "debade8a-091d-42da-9b0c-e61f9471e2c3",
        "subiss": "https://login.sandbox.ioxio-dataspace.com",
        "acr": "fake-auth",
        "app": "bb8c7f74-0855-42e1-ba09-70bb27103ded",
        "appiss": "https://login.sandbox.ioxio-dataspace.com",
        "aud": "https://consent.sandbox.ioxio-dataspace.com",
        "exp": 1678492800,
        "iat": 1678406400
    }
}

Type: object

Type: stringFormat: uri

The issuer of the token. Must be the base URL (https:// + domain) on which the party configuration is hosted, with no trailing slash.

Must be at least 1 characters long

Must be at most 2083 characters long


Example:

"https://example.com"

Type: string

The sub from the ID Token of the user.


Example:

"debade8a-091d-42da-9b0c-e61f9471e2c3"

Type: string

The iss from the ID Token of the user.


Example:

"https://login.sandbox.ioxio-dataspace.com"

Type: string

The acr from the ID Token of the user.


Example:

"fake-auth"

Type: string

The app identifier (OIDC Client ID of the app).


Example:

"bb8c7f74-0855-42e1-ba09-70bb27103ded"

Type: string

The iss (OIDC issuer) at which the app is registered.


Example:

"https://login.sandbox.ioxio-dataspace.com"

Type: string

The consent portal base URL.


Example:

"https://consent.sandbox.ioxio-dataspace.com"

Type: integer

The unix timestamp at which the token expires. Must not be in the past.


Example:

1678492800

Type: integer

The unix timestamp at which the token was issued. It must not be in the future.


Example:

1678406400