[Openid-specs-fapi] oauth but not as you know it...

Hans Zandbelt hans.zandbelt at zmartzone.eu
Fri Mar 8 09:56:34 UTC 2019 

a mini-storm but it seems to help:
https://twitter.com/timhuckle/status/1103952037832810496

Hans.

On Thu, Mar 7, 2019 at 12:27 PM Hans Zandbelt <hans.zandbelt at zmartzone.eu>
wrote:

> That is worrisome and sets a bad example indeed; should we start a
> twitter/social-feed storm about this in order to kill it early and so that
> we can refer back to it for future attempts as well?
>
> Hans.
>
> On Thu, Mar 7, 2019 at 12:24 PM Dave Tonge via Openid-specs-fapi <
> openid-specs-fapi at lists.openid.net> wrote:
>
>> https://www.ajbell.io/documentation/index.html?shell#introduction
>>
>> Just got sent these API docs. Granted its not a PSD2 API, but I'm getting
>> worried as I reckon we'll see a lot more of this as PSD2 rolls out....
>>
>> I think we really need to strongly recommend that people don't roll their
>> own OP / RP or we'll get more of this type of thing!
>>
>> If you don't have time to look, it claims to be OAuth 2, but does this
>> sort of thing:
>>
>> curl "
>> https://www.ajbell.io/v1.0.0/ajbyi/authorisation/get-authentication-url"
>>   -H "oAuthClientId: acmeClientId"
>>   -H "signature: MYCHECKSUMTOCHECKONRETURN"
>>   -H "redirectURI: https://acme.com/myaccounts"
>>
>> and
>>
>> curl "
>> https://www.ajbell.io/v1.0.0/ajbyi/authorisation/get-authentication-token
>> "
>>
>>   -H "authenticatedCode: myauthcode"
>>   -H "oAuthClientId: acmeClientId"
>>   -H "oAuthSecret:  secret"
>>   -H "redirectURI: https://acme.com/myaccounts"
>>
>>
>>
>>
>> --
>> Dave Tonge
>> CTO
>> [image: Moneyhub Enterprise]
>> <http://www.google.com/url?q=http%3A%2F%2Fmoneyhubenterprise.com%2F&sa=D&sntz=1&usg=AFQjCNGUnR5opJv5S1uZOVg8aISwPKAv3A>
>> Moneyhub Financial Technology, 5th Floor, 10 Temple Back, Bristol, BS1 6FL
>> t: +44 (0)117 280 5120
>>
>> Moneyhub Enterprise is a trading style of Moneyhub Financial Technology
>> Limited which is authorised and regulated by the Financial Conduct
>> Authority ("FCA"). Moneyhub Financial Technology is entered on the
>> Financial Services Register (FRN 809360) at fca.org.uk/register. Moneyhub Financial
>> Technology is registered in England & Wales, company registration number
>>  06909772 .
>> Moneyhub Financial Technology Limited 2018 ©
>>
>> DISCLAIMER: This email (including any attachments) is subject to
>> copyright, and the information in it is confidential. Use of this email or
>> of any information in it other than by the addressee is unauthorised and
>> unlawful. Whilst reasonable efforts are made to ensure that any attachments
>> are virus-free, it is the recipient's sole responsibility to scan all
>> attachments for viruses. All calls and emails to and from this company may
>> be monitored and recorded for legitimate purposes relating to this
>> company's business. Any opinions expressed in this email (or in any
>> attachments) are those of the author and do not necessarily represent the
>> opinions of Moneyhub Financial Technology Limited or of any other group
>> company.
>> _______________________________________________
>> Openid-specs-fapi mailing list
>> Openid-specs-fapi at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-fapi
>>
>
>
> --
> hans.zandbelt at zmartzone.eu
> ZmartZone IAM - www.zmartzone.eu
>


-- 
hans.zandbelt at zmartzone.eu
ZmartZone IAM - www.zmartzone.eu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20190308/1a24b97e/attachment-0001.html>

More information about the Openid-specs-fapi mailing list