[OpenID-Specs-eKYC-IDA] Issue #1278: 5.1.2.2 External attachments: Require Content-Type header in the HTTP response (openid/ekyc-ida)
Vladimir Dzhuvinov
issues-reply at bitbucket.org
Tue Jan 4 10:16:51 UTC 2022
New issue 1278: 5.1.2.2 External attachments: Require Content-Type header in the HTTP response
https://bitbucket.org/openid/ekyc-ida/issues/1278/5122-external-attachments-require-content
Vladimir Dzhuvinov:
This is a suggestion to put it down in text that the endpoint must indicate the content type of the document. It may be obvious but better be explicit.
> `url`: REQUIRED. OAuth 2.0 resource endpoint from which the document can be retrieved. Providers MUST protect this endpoint. The endpoint URL MUST return the document whose cryptographic hash matches the value given in the `digest` element.
[https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1\_0-master.html#section-5.1.2.2](https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1_0-master.html#section-5.1.2.2)
This is a suggestion for a sentence at the end of the paragraph, borrowing text from the embedded attachment section:
“The content \(MIME\) type of the document MUST be indicated in a Content-Type HTTP response header. See \[[RFC6838](https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1_0-master.html#RFC6838)\]. Multipart or message media types are not allowed.“
More information about the Openid-specs-ekyc-ida
mailing list