Giter VIP home page Giter VIP logo

aa-redirection-guidelines's People

Contributors

athira-jayakumar1 avatar avengedpeak avatar dheerajkhardwal avatar kantharaju avatar sahamati-product avatar surendhar153 avatar usq2 avatar vaibhav-cams avatar

Stargazers

avatar avatar avatar avatar avatar avatar

Watchers

avatar

Forkers

sahayak-bot finvu jawadraza7 kantharaju vaibhav-cams athira-jayakumar1 usq2 surendhar153

aa-redirection-guidelines's Issues

Encryption Decryption Using AES 256 in Crypto.js Format Needed

Need encryption decryption format written on crypto.js methodology for frontend use.

  • we have a sample of java how we will encrypt web redirection essential values in ASE 256 algo but we need a javascript
    description where we can identify how will we do a code in same format using ASE 256 with given keys as mention on
    below.

  • Facing a issue while we generate secretkey using salt and key in JS so aeed a javascript code using crypto.js lib will help
    us to encrypt or decrypt value similar format as backend on frontend-side.

  • We are using same value as mention on doc:

    IV – This can be 0
SALT – This will be the reqdate or resdate
FI – This will be the unique FIU ID ( i.e. the FIU entity id )
SECRETKEY – This will be the secret passphrase shared by the AA with the FIU.

  • Sample of JS code what we have designed

// generate secret key using key and salt
const getSecretKey = () => {
  var secretkey = redirectionSecretKey;
  var saltKey = "abcde";
  var key = CryptoJS.enc.Utf8.parse(secretkey);
  var salt = CryptoJS.enc.Utf8.parse(saltKey);
   const generateKey = CryptoJS.PBKDF2(key, salt, {
      keySize: 256,
       iterations: 1000,
   });
 return generateKey;
};

// generate IV
const getIv = () => {
 var iv2 = CryptoJS.lib.WordArray.create([
   0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
 ]);
 return iv2;
};

// Encryption method
export const encodeDataInASE2 = (data) => {
 var encrypted = CryptoJS.AES.encrypt(
   data,
   getSecretKey2(),
   {
     iv: getIv2(),
     mode: CryptoJS.mode.CBC,
     padding: CryptoJS.pad.Pkcs7,
   }
 ).toString();

 return encrypted;
};

// Decryption method
export const decodeDataFromASE = (ciphertext) => {
 const decryptCiphertext = CryptoJS.AES.decrypt(ciphertext, getSecretKey(), {
   iv: getIv(),
   mode: CryptoJS.mode.CBC,
   padding: CryptoJS.pad.Pkcs7,
 });
 const decryptedData = JSON.parse(
   decryptCiphertext.toString(CryptoJS.enc.Utf8)
 );

 return decryptedData;
};

Consent Management in LSP based redirection flow

As AA, do we need to show all unapproved LSP based consent requests in LSP based redirection flow?
This will have more consents in customers AA portal. How to handle it.
My suggestion is whether can we have timeout to unapproved consent once the customer partially selects 3-4 FIUs from LSP or reject the unapproved consent immediately once the LSP flow is done.

Typo introduced in v1.1.0 - `ecres` replaced by `fi`

aa-redirection-guidelines/specification/response-specification.md

Lines 13 to 17 in f45a6d7

| Parameter Name | Type | Description |
| -------------- | ------ | --------------------------------------------------------------------------------------------- |
| fi | String | Unique AA identifier. This will be encrypted using Base64/XOR along with resdate field |
| resdate | String | format will be `ddmmyyyyhh24misss` UTC |
| fi | String | Encrypted parameters ([see below](response-specification.md#ecres-encrypted-path-parameters)) |

Encrypted request parameter `fipid` description is not compliant to standard `application/x-www-form-urlencoded` format

aa-redirection-guidelines/specification/request-specification.md

Line 29 in ca8b8dd

| fipid | Array | Optional, can be blank. If FIU already has the information that citizen wants to discover accounts of a particular FIP beforehand, then they can pass this info to AA as a comma separated array in curly braces. It saves user clicks and enhances journey experience |

Ambiguous text:

then they can pass this info to AA as a comma separated array in curly braces

The ecreq parameters are expected in standard application/x-www-form-urlencoded format. Thus for supplying multiple FIP identifiers, the format should be &fipid=XXXX&fipid=YYYY.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.