CscAuthenticationRequestParameters

CSC: OPTIONAL To restrict access to the authorization server of a remote service, this specification introduces the additional account_token parameter to be used when calling the oauth2/authorize endpoint. This parameter contains a secure token designed to authenticate the authorization request based on an Account ID that SHALL be uniquely assigned by the signature application to the signing user or to the user’s application account

RFC9396: The request parameter authorization_details contains, in JSON notation, an array of objects. Each JSON object contains the data to specify the authorization requirements for a certain type of resource. The type of resource or access requirement is determined by the AuthorizationDetails.type field.

CSC: OPTIONAL Arbitrary data from the signature application. It can be used to handle a transaction identifier or other application-spe cific data that may be useful for debugging purposes

OIDC: REQUIRED. OAuth 2.0 Client Identifier valid at the Authorization Server.

RFC7636: A challenge derived from the code verifier that is sent in the authorization request, to be verified against later.

RFC7636: A method that was used to derive code challenge.

CSC: REQUIRED-"credential" The identifier associated to the credential to authorize. This parameter value may contain characters that are reserved, unsafe or forbidden in URLs and therefore SHALL be url-encoded by the signature application

CSC: OPTIONAL A free form description of the authorization transaction in the lang language. The maximum size of the string is 500 characters

CSC: REQUIRED-"credential" String containing the OID of the hash algorithm used to generate the hashes

CSC: REQUIRED-"credential" One or more base64url-encoded hash values to be signed

CSC: Optional Request a preferred language according to RFC 5646

CSC: Required-"credential" The number of signatures to authorize

OIDC: REQUIRED. Redirection URI to which the response will be sent. This URI MUST exactly match one of the Redirection URI values for the Client pre-registered at the OpenID Provider, with the matching performed as described in Section 6.2.1 of RFC3986 (Simple String Comparison).

OAuth 2.0 JAR: REQUIRED unless request is specified. The absolute URI, as defined by RFC3986, that is the Request Object URI referencing the authorization request parameters stated in Section 4 of RFC6749 (OAuth 2.0). If this parameter is present in the authorization request, request MUST NOT be present.

OIDC: REQUIRED. OAuth 2.0 Response Type value that determines the authorization processing flow to be used, including what parameters are returned from the endpoints used. When using the Authorization Code Flow, this value is code.

OIDC: REQUIRED. OpenID Connect requests MUST contain the openid scope value. If the openid scope value is not present, the behavior is entirely unspecified. Other scope values MAY be present. Scope values used that are not understood by an implementation SHOULD be ignored. e.g. profile or com.example.healthCardCredential

CSC: Required-"credential" This parameter contains the symbolic identifier determining the kind of signature to be created

OIDC: RECOMMENDED. Opaque value used to maintain state between the request and the callback. Typically, Cross-Site Request Forgery (CSRF, XSRF) mitigation is done by cryptographically binding the value of this parameter with a browser cookie.