sahamati / aa-redirection-guidelines Goto Github PK
View Code? Open in Web Editor NEWGuidelines for interaction between FIU and AA on the user’s device.
Home Page: https://sahamati.gitbook.io/aa-redirection-guidelines
License: Apache License 2.0
Guidelines for interaction between FIU and AA on the user’s device.
Home Page: https://sahamati.gitbook.io/aa-redirection-guidelines
License: Apache License 2.0
Ambiguous text:
then they can pass this info to AA as a comma separated array in curly braces
The ecreq
parameters are expected in standard application/x-www-form-urlencoded
format. Thus for supplying multiple FIP identifiers, the format should be &fipid=XXXX&fipid=YYYY
.
Need encryption decryption format written on crypto.js methodology for frontend use.
we have a sample of java how we will encrypt web redirection essential values in ASE 256 algo but we need a javascript
description where we can identify how will we do a code in same format using ASE 256 with given keys as mention on
below.
Facing a issue while we generate secretkey using salt and key in JS so aeed a javascript code using crypto.js lib will help
us to encrypt or decrypt value similar format as backend on frontend-side.
We are using same value as mention on doc:
IV – This can be 0
SALT – This will be the reqdate or resdate
FI – This will be the unique FIU ID ( i.e. the FIU entity id )
SECRETKEY – This will be the secret passphrase shared by the AA with the FIU.
Sample of JS code what we have designed
// generate secret key using key and salt
const getSecretKey = () => {
var secretkey = redirectionSecretKey;
var saltKey = "abcde";
var key = CryptoJS.enc.Utf8.parse(secretkey);
var salt = CryptoJS.enc.Utf8.parse(saltKey);
const generateKey = CryptoJS.PBKDF2(key, salt, {
keySize: 256,
iterations: 1000,
});
return generateKey;
};
// generate IV
const getIv = () => {
var iv2 = CryptoJS.lib.WordArray.create([
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
]);
return iv2;
};
// Encryption method
export const encodeDataInASE2 = (data) => {
var encrypted = CryptoJS.AES.encrypt(
data,
getSecretKey2(),
{
iv: getIv2(),
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7,
}
).toString();
return encrypted;
};
// Decryption method
export const decodeDataFromASE = (ciphertext) => {
const decryptCiphertext = CryptoJS.AES.decrypt(ciphertext, getSecretKey(), {
iv: getIv(),
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7,
});
const decryptedData = JSON.parse(
decryptCiphertext.toString(CryptoJS.enc.Utf8)
);
return decryptedData;
};
The datetime format mentioned in the gitbook for reqdate is ddmmyyyyhh24misss, but the description is unclear for it
WE need to discuss redirection guidelines for AA-TSP if the flow is entirely offline journye.
aa-redirection-guidelines/specification/response-specification.md
Lines 13 to 17 in f45a6d7
As AA, do we need to show all unapproved LSP based consent requests in LSP based redirection flow?
This will have more consents in customers AA portal. How to handle it.
My suggestion is whether can we have timeout to unapproved consent once the customer partially selects 3-4 FIUs from LSP or reject the unapproved consent immediately once the LSP flow is done.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.