Create an OAuth2 Session

POST /authorisation/v2/oauth2-sessions

Session Token endpoint for Component Authorisation (DID Auth - CCG Flow).

Request

application/json

Body

required

grantType stringrequired

Grant type. Must be set to "client_credentials"

clientAssertionType stringrequired

Client Assertion type. Must be set to "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

clientAssertion stringrequired

Self-signed JWT

scope stringrequired

Scope is used to define the authentication method. Must be set to "openid did_authn"

Responses

Success

application/json

Schema
Example (from schema)
OAuth2 response

Schema

ake1_enc_payload string

Encrypted payload with user's public key

ake1_jws_detached string

Detached JWS of AKE1 Signing Payload

ake1_sig_payload object

ake1_enc_payload string

Encrypted payload with user's public key

ake1_nonce string

Nonce used during the authentication process

kid string

Trusted App KID

iat number

Issued at

exp number

Expires

iss string

Issuer (Authorisation API)

kid string

API KID

{
  "ake1_enc_payload": "a5c94fe3c30baec627ab0afb26cf4b5f0319f3eb08752991fb98149e16549a2be069461ce0de3b83f3066027da8565d4516d043c1572b837a0263ffe493c5ded124bf4aaf060e87006e21d4b658abf43b6953f1f23ff982acc74d2c341545f976c5052e07730b304aa6bd37bbc8f54535c6ff84fffcf6caadb1757a854c8d559000bd1fb255e83b2e6a79e5a23a7b67c429ffa4a3e1a7acdc18c4cc7b623584a2ce612ae8052ecc42e116a0664c85c0c30f366c9a42d8d3ffc76e0da3b2c16e0cf19a90086d9c0f9db05218197f8bf07060d27b5c6caac3afdb90b4292123f80df6dbd7922b975335f408b74671790413e02c30d9db9ca96cb9bc25a9e51853f408bd565cadfaaf06526799deb2be248d67c82aaf13010dddaa40dbffe2e0e1fb5689ccbca3785707e188d2cf10f320aca678ff48491d4dec3227e2c17c9843fd8283ce79a3ee212c81063248507dbb694c11eb893235e0b6dc69e78eb69c4fc85ecaa91c8c72c43fd5362fe1f382f57f4dd7b0ee03a5542c83602a437e4b03fb434f6a44e4a04f0adbf30abacdaa69a5b826c77ac3faa27a650f3bcff21cdd1f6793df3dad9bae33496c9da4acba4c8fd793bc23f0d9032d416e753cd802153dc0ea3925d1110367322cba5450ceceb3cd3d4228228177dd8d667eda5691030183e0d3f1be40ac793d1d42af344895d85fb84d9374a344e8f95a33b1c740fa4c84ee016765a63fceda74d5decbf5ee76df9119c73491449a70554541900348b306ab07111312d2b74c226df7f194be00b8335a207bd41399487bd4216edf078a11b8a8b9b93d50e2cb673ccbce0b97d994b54b97068ef317e1136193b17d34764e6ec9c68be69b42aaf1aa1c9bb448dd38eb3a96957fc0a5b81c4710921c6605da420614042518739a02f8ed44338236733a5b2964a3bba2e4333034cb14746e6c2692445c65e8ec124c8e49413d01d86cd1b3dbd863807dc1d9a408e47c46c02f3e7bacbcbc387b03ebd26be6bd1d6f70f5c308081a8ca66beaea71ffee9d1cc375fc299323c938f5c200a2f031380f5347d1604d57a4af3c35a4891e5b1e2bb8573e36a4e1af5fbe62e1b188d119a6b07b25bda8086f3f0aa2139ee4e7144cd",
  "ake1_jws_detached": "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NksiLCJraWQiOiJodHRwczovL2FwaS1waWxvdC5lYnNpLmV1L3RydXN0ZWQtYXBwcy1yZWdpc3RyeS92My9hcHBzL2F1dGhvcmlzYXRpb24tYXBpX3BpbG90LXRlbXAtMDEifQ..PHbuIxA7oSp8-6oh7BED0fEiFL8gItKETlFzaiuFIKH0aF3RRjJQv-CKc5kEfmhGSO8_46yD2qFXZnsTrHAJFg",
  "ake1_sig_payload": {
    "ake1_enc_payload": "a5c94fe3c30baec627ab0afb26cf4b5f0319f3eb08752991fb98149e16549a2be069461ce0de3b83f3066027da8565d4516d043c1572b837a0263ffe493c5ded124bf4aaf060e87006e21d4b658abf43b6953f1f23ff982acc74d2c341545f976c5052e07730b304aa6bd37bbc8f54535c6ff84fffcf6caadb1757a854c8d559000bd1fb255e83b2e6a79e5a23a7b67c429ffa4a3e1a7acdc18c4cc7b623584a2ce612ae8052ecc42e116a0664c85c0c30f366c9a42d8d3ffc76e0da3b2c16e0cf19a90086d9c0f9db05218197f8bf07060d27b5c6caac3afdb90b4292123f80df6dbd7922b975335f408b74671790413e02c30d9db9ca96cb9bc25a9e51853f408bd565cadfaaf06526799deb2be248d67c82aaf13010dddaa40dbffe2e0e1fb5689ccbca3785707e188d2cf10f320aca678ff48491d4dec3227e2c17c9843fd8283ce79a3ee212c81063248507dbb694c11eb893235e0b6dc69e78eb69c4fc85ecaa91c8c72c43fd5362fe1f382f57f4dd7b0ee03a5542c83602a437e4b03fb434f6a44e4a04f0adbf30abacdaa69a5b826c77ac3faa27a650f3bcff21cdd1f6793df3dad9bae33496c9da4acba4c8fd793bc23f0d9032d416e753cd802153dc0ea3925d1110367322cba5450ceceb3cd3d4228228177dd8d667eda5691030183e0d3f1be40ac793d1d42af344895d85fb84d9374a344e8f95a33b1c740fa4c84ee016765a63fceda74d5decbf5ee76df9119c73491449a70554541900348b306ab07111312d2b74c226df7f194be00b8335a207bd41399487bd4216edf078a11b8a8b9b93d50e2cb673ccbce0b97d994b54b97068ef317e1136193b17d34764e6ec9c68be69b42aaf1aa1c9bb448dd38eb3a96957fc0a5b81c4710921c6605da420614042518739a02f8ed44338236733a5b2964a3bba2e4333034cb14746e6c2692445c65e8ec124c8e49413d01d86cd1b3dbd863807dc1d9a408e47c46c02f3e7bacbcbc387b03ebd26be6bd1d6f70f5c308081a8ca66beaea71ffee9d1cc375fc299323c938f5c200a2f031380f5347d1604d57a4af3c35a4891e5b1e2bb8573e36a4e1af5fbe62e1b188d119a6b07b25bda8086f3f0aa2139ee4e7144cd",
    "ake1_nonce": "9a354184-39f3-40bb-8547-2797f3d8e58a",
    "kid": "https://api-pilot.ebsi.eu/trusted-apps-registry/v3/apps/test-app-pilot2",
    "iat": 1672845197,
    "exp": 1672846097,
    "iss": "authorisation-api_pilot-temp-01"
  },
  "kid": "https://api-pilot.ebsi.eu/trusted-apps-registry/v3/apps/authorisation-api_pilot-temp-01"
}

{
  "ake1_enc_payload": "a5c94fe3c30baec627ab0afb26cf4b5f0319f3eb08752991fb98149e16549a2be069461ce0de3b83f3066027da8565d4516d043c1572b837a0263ffe493c5ded124bf4aaf060e87006e21d4b658abf43b6953f1f23ff982acc74d2c341545f976c5052e07730b304aa6bd37bbc8f54535c6ff84fffcf6caadb1757a854c8d559000bd1fb255e83b2e6a79e5a23a7b67c429ffa4a3e1a7acdc18c4cc7b623584a2ce612ae8052ecc42e116a0664c85c0c30f366c9a42d8d3ffc76e0da3b2c16e0cf19a90086d9c0f9db05218197f8bf07060d27b5c6caac3afdb90b4292123f80df6dbd7922b975335f408b74671790413e02c30d9db9ca96cb9bc25a9e51853f408bd565cadfaaf06526799deb2be248d67c82aaf13010dddaa40dbffe2e0e1fb5689ccbca3785707e188d2cf10f320aca678ff48491d4dec3227e2c17c9843fd8283ce79a3ee212c81063248507dbb694c11eb893235e0b6dc69e78eb69c4fc85ecaa91c8c72c43fd5362fe1f382f57f4dd7b0ee03a5542c83602a437e4b03fb434f6a44e4a04f0adbf30abacdaa69a5b826c77ac3faa27a650f3bcff21cdd1f6793df3dad9bae33496c9da4acba4c8fd793bc23f0d9032d416e753cd802153dc0ea3925d1110367322cba5450ceceb3cd3d4228228177dd8d667eda5691030183e0d3f1be40ac793d1d42af344895d85fb84d9374a344e8f95a33b1c740fa4c84ee016765a63fceda74d5decbf5ee76df9119c73491449a70554541900348b306ab07111312d2b74c226df7f194be00b8335a207bd41399487bd4216edf078a11b8a8b9b93d50e2cb673ccbce0b97d994b54b97068ef317e1136193b17d34764e6ec9c68be69b42aaf1aa1c9bb448dd38eb3a96957fc0a5b81c4710921c6605da420614042518739a02f8ed44338236733a5b2964a3bba2e4333034cb14746e6c2692445c65e8ec124c8e49413d01d86cd1b3dbd863807dc1d9a408e47c46c02f3e7bacbcbc387b03ebd26be6bd1d6f70f5c308081a8ca66beaea71ffee9d1cc375fc299323c938f5c200a2f031380f5347d1604d57a4af3c35a4891e5b1e2bb8573e36a4e1af5fbe62e1b188d119a6b07b25bda8086f3f0aa2139ee4e7144cd",
  "ake1_sig_payload": {
    "iat": 1672845197,
    "exp": 1672846097,
    "ake1_nonce": "9a354184-39f3-40bb-8547-2797f3d8e58a",
    "ake1_enc_payload": "a5c94fe3c30baec627ab0afb26cf4b5f0319f3eb08752991fb98149e16549a2be069461ce0de3b83f3066027da8565d4516d043c1572b837a0263ffe493c5ded124bf4aaf060e87006e21d4b658abf43b6953f1f23ff982acc74d2c341545f976c5052e07730b304aa6bd37bbc8f54535c6ff84fffcf6caadb1757a854c8d559000bd1fb255e83b2e6a79e5a23a7b67c429ffa4a3e1a7acdc18c4cc7b623584a2ce612ae8052ecc42e116a0664c85c0c30f366c9a42d8d3ffc76e0da3b2c16e0cf19a90086d9c0f9db05218197f8bf07060d27b5c6caac3afdb90b4292123f80df6dbd7922b975335f408b74671790413e02c30d9db9ca96cb9bc25a9e51853f408bd565cadfaaf06526799deb2be248d67c82aaf13010dddaa40dbffe2e0e1fb5689ccbca3785707e188d2cf10f320aca678ff48491d4dec3227e2c17c9843fd8283ce79a3ee212c81063248507dbb694c11eb893235e0b6dc69e78eb69c4fc85ecaa91c8c72c43fd5362fe1f382f57f4dd7b0ee03a5542c83602a437e4b03fb434f6a44e4a04f0adbf30abacdaa69a5b826c77ac3faa27a650f3bcff21cdd1f6793df3dad9bae33496c9da4acba4c8fd793bc23f0d9032d416e753cd802153dc0ea3925d1110367322cba5450ceceb3cd3d4228228177dd8d667eda5691030183e0d3f1be40ac793d1d42af344895d85fb84d9374a344e8f95a33b1c740fa4c84ee016765a63fceda74d5decbf5ee76df9119c73491449a70554541900348b306ab07111312d2b74c226df7f194be00b8335a207bd41399487bd4216edf078a11b8a8b9b93d50e2cb673ccbce0b97d994b54b97068ef317e1136193b17d34764e6ec9c68be69b42aaf1aa1c9bb448dd38eb3a96957fc0a5b81c4710921c6605da420614042518739a02f8ed44338236733a5b2964a3bba2e4333034cb14746e6c2692445c65e8ec124c8e49413d01d86cd1b3dbd863807dc1d9a408e47c46c02f3e7bacbcbc387b03ebd26be6bd1d6f70f5c308081a8ca66beaea71ffee9d1cc375fc299323c938f5c200a2f031380f5347d1604d57a4af3c35a4891e5b1e2bb8573e36a4e1af5fbe62e1b188d119a6b07b25bda8086f3f0aa2139ee4e7144cd",
    "kid": "https://api-pilot.ebsi.eu/trusted-apps-registry/v3/apps/test-app-pilot2",
    "iss": "authorisation-api_pilot-temp-01"
  },
  "ake1_jws_detached": "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NksiLCJraWQiOiJodHRwczovL2FwaS1waWxvdC5lYnNpLmV1L3RydXN0ZWQtYXBwcy1yZWdpc3RyeS92My9hcHBzL2F1dGhvcmlzYXRpb24tYXBpX3BpbG90LXRlbXAtMDEifQ..PHbuIxA7oSp8-6oh7BED0fEiFL8gItKETlFzaiuFIKH0aF3RRjJQv-CKc5kEfmhGSO8_46yD2qFXZnsTrHAJFg",
  "kid": "https://api-pilot.ebsi.eu/trusted-apps-registry/v3/apps/authorisation-api_pilot-temp-01"
}

Bad Request

application/problem+json

Schema
Example (from schema)
Bad Request
Token Expired
Issuer Not Found

Schema

type uri

Default value: about:blank

An absolute URI that identifies the problem type. When dereferenced, it SHOULD provide human-readable documentation for the problem type.

title string

A short summary of the problem type.

status int32

Possible values: >= 400 and <= 600

The HTTP status code generated by the origin server for this occurrence of the problem.

detail string

A human readable explanation specific to this occurrence of the problem.

instance uri

An absolute URI that identifies the specific occurrence of the problem. It may or may not yield further information if dereferenced.

{
  "type": "about:blank",
  "title": "Internal Server Error",
  "status": 500,
  "detail": "Connection timeout",
  "instance": "string"
}

{
  "title": "Bad Request",
  "status": 400,
  "detail": "Bad request."
}

{
  "title": "Token Expired",
  "status": 400,
  "detail": "The token has expired."
}

{
  "title": "Issuer Not Found",
  "status": 400,
  "detail": "Issuer not found in the trusted apps registry."
}

Internal Error

application/problem+json

Schema
Example (from schema)
Internal Server Error

Schema

type uri

Default value: about:blank

An absolute URI that identifies the problem type. When dereferenced, it SHOULD provide human-readable documentation for the problem type.

title string

A short summary of the problem type.

status int32

Possible values: >= 400 and <= 600

The HTTP status code generated by the origin server for this occurrence of the problem.

detail string

A human readable explanation specific to this occurrence of the problem.

instance uri

An absolute URI that identifies the specific occurrence of the problem. It may or may not yield further information if dereferenced.

{
  "type": "about:blank",
  "title": "Internal Server Error",
  "status": 500,
  "detail": "Connection timeout",
  "instance": "string"
}

{
  "title": "Internal Server Error",
  "status": 500,
  "detail": "The server encountered an internal error and was unable to process your request."
}

/authorisation/v2/oauth2-sessions

Request​

Body

Responses​

Request

Responses