Consent Request Token
The Consent Request Token is a JWT used in the Consent Protocol to authenticate the application when it is requesting a new consent or to get a consent token for an already given consent. The token is sent in the X-Consent-Request-Token
header and signed with a key published by the application developer through the party configuration. Below are details on fields or claims are required in the header and body of the token.
{
"header": {
"v": "0.2",
"kid": "2d149479-88a6-4141-ad4c-b14c92f430bc",
"alg": "RS256"
},
"body": {
"iss": "https://example.com",
"sub": "debade8a-091d-42da-9b0c-e61f9471e2c3",
"subiss": "https://login.sandbox.ioxio-dataspace.com",
"acr": "fake-auth",
"app": "bb8c7f74-0855-42e1-ba09-70bb27103ded",
"appiss": "https://login.sandbox.ioxio-dataspace.com",
"aud": "https://consent.sandbox.ioxio-dataspace.com",
"exp": 1678492800,
"iat": 1678406400
}
}
The version of the Consent Request Token standard the token follows.
Must be one of:
- "0.2"
"0.2"
The key ID used to sign the token. A key with the same kid must be found in the JWKS pointed to by the party configuration.
"2d149479-88a6-4141-ad4c-b14c92f430bc"
The algorithm the token is signed with.
Must be one of:
- "RS256"
"RS256"
The issuer of the token. Must be the base URL (https:// + domain
) on which the party configuration is hosted, with no trailing slash.
Must be at least 1
characters long
Must be at most 2083
characters long
"https://example.com"
The sub
from the ID Token of the user.
"debade8a-091d-42da-9b0c-e61f9471e2c3"
The iss
from the ID Token of the user.
"https://login.sandbox.ioxio-dataspace.com"
The acr
from the ID Token of the user.
"fake-auth"
The app identifier (OIDC Client ID of the app).
"bb8c7f74-0855-42e1-ba09-70bb27103ded"
The iss
(OIDC issuer) at which the app is registered.
"https://login.sandbox.ioxio-dataspace.com"
The consent portal base URL.
"https://consent.sandbox.ioxio-dataspace.com"
The unix timestamp at which the token expires. Must not be in the past.
1678492800
The unix timestamp at which the token was issued. It must not be in the future.
1678406400