C_12108_Anlage_V1.0.0


C_12108_Anlage

No repeated login when a user session is already established

Changes in I_Authorization_Service.yaml

version -> 1.6.0

Authorization PVS:

      operationId: sendAuthorizationRequestSC
      summary: (sendAuthorizationRequestSC) Send authorization request
      externalDocs:
        description: 'IDP-Dienst: gemSpec_IDP_FD, chapter "5.5 IDP-Dienst als OIDC IDP"'
        url: https://gemspec.gematik.de/docs/gemSpec/
      description: |
        Request authorization for a smartcard (SMC-B) based client.
        **Client**:<br/>
        A client will receive a well prepared redirection uri and parameters for the authorization request
        towards the authenticator. A client shall invoke the authenticator and IDP flow to receive an
        authorization code for the subsequent _sendAuthCodeSC_ operation.
        **Provider**:<br/>
        The authorization server shall prepare a complete redirection uri and authorization request parameters
        (PAR-URI) for the central smartcard IDP.
        This operation shall be rejected if the corresponding user session is already authorized. Repeated authorization
        attempts are not supported.

        | Conditions | Status code | Error code | Remarks |
        |------------|-------------|------------|---------|
        | Successful operation | 302 |||
        | Request does not match schema | 400 | malformedRequest ||
        | Invalid request | 403 | invalAuth | includes any error of Authorization Service ..... |
        | Repeated authorization attempt | 409 | statusMismatch | only when the user session is already authorized |
        | Any other error | 500 | internalError | (see 'Retry interval') |

      responses:
        '302':
          $ref: '#/components/responses/AuthorizationResponseSC302'
        '400':
          $ref: '#/components/responses/Error400BadRequest'
        '403':
          $ref: '#/components/responses/Error403Forbidden'
        '409':
          $ref: '#/components/responses/Error409Conflict'

        '500':
          $ref: '#/components/responses/Error500InternalError'


Authorization FdV:

      operationId: sendAuthorizationRequestFdV
      summary: (sendAuthorizationRequestFdV) Send authorization request
      externalDocs:
        description: 'Request to IDP: gemSpec_IDP_FD, chapter "Anfrage von "ID_TOKEN" beim sektoralen Identity Provider"'
        url: https://gemspec.gematik.de/docs/gemSpec/
      description: |
        Sends an authorization request to the authorization service.
              ...........
       
        For the _x-authorize-representative_ and the _x-authorize-validation_ case the PAR for the IDP shall include:
        - amr = urn:telematik:auth:guest:eGK

        _x-authorize-representative_ and _x-authorize-validation_ both should not be set to _true_ at the same time.
        The authorization service's state value and clientid used for the PAR shall occur in the URI-PAR response of the IDP.
       
        This operation shall be rejected if the corresponding user session is already authorized. Repeated authorization
        attempts are not supported.


        | Conditions | Status code | Error code | Remarks |
        |------------|-------------|------------|---------|
        | Successful operation | 302 |||
        | Request does not match schema | 400 | malformedRequest | also if both "x-authorize"-parameters are set to _true_ |
        | Invalid request | 403 | invalAuth | includes any error of Authorization Service ....... |
        | state or clientid value mismatch | 403 | invalData | returned URI-PAR does not contain expected state or clientid value |
        | unregistered redirecturi | 403 | invalRedir | redirecturi (e.g. _x-redirecturi_) is unknown, registration required |
        | Invalid URI (x-idp-iss) | 404 | noResource | |
        | Repeated authorization attempt | 409 | statusMismatch | only when the user session is already authorized |
        | Any other error | 500 | internalError ||

      responses:
        '302':
          $ref: '#/components/responses/AuthorizationResponseFdV302'
        '400':
          $ref: '#/components/responses/Error400BadRequest'
        '403':
          $ref: '#/components/responses/Error403Forbidden'
        '404':
          $ref: '#/components/responses/Error404NotFound'
        '409':
          $ref: '#/components/responses/Error409Conflict'

        '500':
          $ref: '#/components/responses/Error500InternalError'
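
An added example, not part of the specification or of any gematik reference code: one way an authorization service could apply the FdV conditions from the table above, including the 409 rejection for an already authorized user session. The session set, the registered redirect URI, the order of the checks and the dictionary keys of `returned` are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample state; none of these values come from the specification.
REGISTERED_REDIRECT_URIS = {"https://fdv.example/callback"}
AUTHORIZED_SESSIONS = {"session-already-authorized"}


@dataclass
class Decision:
    status: int
    error_code: Optional[str] = None


def check_request_fdv(session_id: str, params: dict) -> Decision:
    """Checks for sendAuthorizationRequestFdV before a PAR is sent to the IDP."""
    # Both "x-authorize" parameters set to true is treated as a schema error.
    if (params.get("x-authorize-representative") is True
            and params.get("x-authorize-validation") is True):
        return Decision(400, "malformedRequest")
    # The redirect URI has to be registered beforehand.
    if params.get("x-redirecturi") not in REGISTERED_REDIRECT_URIS:
        return Decision(403, "invalRedir")
    # The change described here: no second login on an authorized user session.
    if session_id in AUTHORIZED_SESSIONS:
        return Decision(409, "statusMismatch")
    return Decision(302)


def check_uri_par(returned: dict, state: str, clientid: str) -> Decision:
    """The IDP's URI-PAR response must carry the state and clientid used for the PAR.

    `returned` holds the values extracted from that response (assumed keys).
    """
    if returned.get("state") != state or returned.get("clientid") != clientid:
        return Decision(403, "invalData")
    return Decision(302)
```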