Open Authorization v2 (OAuth2)
Open Authorization: Two-Legged Protocol
OAuth2 relies on TLS 1.2 (or later) to protect messages in transit; it does not encrypt anything itself. It is an alternative to MTLS, which authenticates VCAS with a client certificate. Using both OAuth2 and MTLS on the same connection is NOT recommended, because VCAS would then be authenticated twice before each message is transmitted.
OAuth2 can be used to ensure that VCAS is the only application able to call an endpoint. VCAS sends a request to a dedicated token endpoint to obtain an access token, and passes that token in an HTTP header (normally the Authorization header with the Bearer scheme) of every subsequent RDX/ADX request.
VCAS currently operates 10 streams and needs an active token for each stream; the access token for a stream is placed in the RDX header of every API call made on that stream.
If an issuer elects to use OAuth2 as the connectivity method, the following information must be provided so it can be configured in VCAS:
- The OAuth2 token endpoint for every environment to which VCAS will send requests. This can be the same host as the RDX endpoints or a different one; if it is different, that host has its own TLS or MTLS requirements that must also be met.
- The client_id and client_secret that VCAS will present in token requests.
- The duration of token validity, so VCAS can request a new token before the current one expires.
- The certificates used to establish the TLS connection, as outlined in the MTLS specifications.
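The two-legged exchange described above, as an added example that is not part of this page and not VCAS or RDX code. It assumes a token endpoint URL, stream names, the standard client_credentials request and JSON reply of RFC 6749 (access_token, token_type, expires_in), the Bearer scheme of RFC 6750 for the RDX header, and a 60-second refresh margin; none of these come from the page. The block sends the client_id and client_secret as HTTP Basic credentials, keeps one token per stream, refreshes each token before the configured validity runs out, falls back to the configured duration when the server omits expires_in, refuses error replies rather than reusing a stale token, and builds the header for an RDX call. The HTTP transport is injectable so the cache can be exercised offline.

```python
import base64
import json
import time
import urllib.parse
import urllib.request
from typing import Callable, Dict, Tuple

# Assumed values for illustration; in a deployment they come from the issuer's configuration.
TOKEN_URL = "https://issuer.example.com/oauth2/token"
STREAMS = [f"stream-{i:02d}" for i in range(1, 11)]  # the ten VCAS streams
REFRESH_MARGIN = 60  # seconds before expiry at which a fresh token is fetched


def build_token_request(client_id: str, client_secret: str) -> Tuple[Dict[str, str], bytes]:
    """Build a client_credentials token request (RFC 6749 section 4.4).

    The client_secret is sent as HTTP Basic credentials in the Authorization
    header, not in the URL, so it does not end up in access logs or proxy records.
    """
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {creds}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    return headers, body


def http_post_json(url: str, headers: Dict[str, str], body: bytes) -> dict:
    """Real transport: POST over TLS and parse the JSON reply.

    urllib verifies the server certificate against the system trust store by
    default; the scheme check below refuses to send credentials in plaintext.
    """
    if not url.startswith("https://"):
        raise ValueError("token endpoint must be HTTPS")
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())


class StreamTokenCache:
    """Holds one access token per stream and refreshes each before it expires."""

    def __init__(self, client_id: str, client_secret: str, default_validity: int,
                 post: Callable[[str, Dict[str, str], bytes], dict] = http_post_json,
                 now: Callable[[], float] = time.time) -> None:
        self._client_id = client_id
        self._client_secret = client_secret
        self._default_validity = default_validity  # the configured token validity, in seconds
        self._post = post  # injectable so the cache can be exercised without a network
        self._now = now
        self._tokens: Dict[str, Tuple[str, float]] = {}  # stream -> (token, expiry epoch)

    def token_for(self, stream: str) -> str:
        """Return a token for this stream, fetching a new one if none is cached or it is about to expire."""
        cached = self._tokens.get(stream)
        if cached is not None and self._now() < cached[1] - REFRESH_MARGIN:
            return cached[0]
        headers, body = build_token_request(self._client_id, self._client_secret)
        resp = self._post(TOKEN_URL, headers, body)
        if "access_token" not in resp:
            # RFC 6749 section 5.2 error reply, or a malformed one; never fall back to an old token
            raise RuntimeError(f"token request failed: {resp.get('error', 'no access_token')}")
        if str(resp.get("token_type", "bearer")).lower() != "bearer":
            raise RuntimeError(f"unsupported token_type {resp['token_type']!r}")
        # Trust the server's expires_in when present; otherwise use the configured validity.
        validity = int(resp.get("expires_in", self._default_validity))
        if validity <= 0:
            raise RuntimeError("token lifetime must be positive")
        token = str(resp["access_token"])
        self._tokens[stream] = (token, self._now() + validity)
        return token

    def request_headers(self, stream: str) -> Dict[str, str]:
        """Headers for an RDX/ADX call on the given stream: the Bearer scheme of RFC 6750."""
        return {
            "Authorization": f"Bearer {self.token_for(stream)}",
            "Content-Type": "application/json",
        }


if __name__ == "__main__":
    # Stand-alone run against the assumed endpoint; needs network access and real credentials.
    cache = StreamTokenCache("vcas-client-id", "vcas-client-secret", default_validity=900)
    for stream in STREAMS:
        cache.request_headers(stream)
        print(stream, "token acquired")
```

Two points to keep from this: the secret is only ever sent to the token endpoint over TLS, never to the RDX endpoints, and a token request that returns an error must fail the stream rather than silently reusing the previous token, since that token may already have been revoked.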