Data Consent Flow Collection

POST Token

To start a journey, you must generate a token, supplying the client_id and client_secret listed under the “Credenciais” (Credentials) menu in the Application panel. Check the specification for each environment (Sandbox or Production).

Token generation URL

https://keycloak.bdc.shared.fsapps.io/auth/realms/consent-management-sandbox-hml/protocol/openid-connect/token

cURL for token generation

# --key/--cert present the client key and certificate; double quotes let the shell expand the variables
curl --key "${PRIVATE_KEY_FILE_PATH}" --cert "${CERTIFICATE_FILE_PATH}" \
--location "${TOKEN_URL}" \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=openid' \
--data-urlencode "client_id=${CLIENT_ID}"

Response:

{
    "access_token": "<access token (JWT), value omitted>",
    "expires_in": 300,
    "refresh_expires_in": 0,
    "token_type": "Bearer",
    "id_token": "<ID token (JWT), value omitted>",
    "not-before-policy": 0,
    "scope": "openid accounts_balances:read accounts_transactions:read accounts_overdraft_limits:read accounts:read receptor profile"
}

POST Create Consents

With the token generated, pass it in the Authorization header of the /consents call to obtain the user's consent and information, as in the example below.

https://api.opb.bdc.dev.fsapps.io/consent-management/api/v1/consents

# The Authorization header is double-quoted so the shell expands ${ACCESS_TOKEN}
curl --key "${PRIVATE_KEY_FILE_PATH}" --cert "${CERTIFICATE_FILE_PATH}" \
--location "${CONSENT_MANAGEMENT_BASE_URL}/consent-management/api/v1/consents" \
--header 'Content-Type: application/json' \
--header "Authorization: Bearer ${ACCESS_TOKEN}" \
--data '{
  "data": {
    "rut": "10031617"
  },
  "scopes": [
    "accounts:read",
    "accounts_balances:read"
  ],
  "expirationDateTime": "2024-06-15T15:14:10Z",
  "redirectUri": "http://localhost:9090/statusView"
}'

Response:

{
    "id": "64d5393cd3dec500101fb54e",
    "interactionId": "64d5393cd3dec500101fb54f",
    "authorizationUrl": "http://localhost:9091?consentId=64d5393cd3dec500101fb54e&interactionId=64d5393cd3dec500101fb54f"
}

Authorization Redirect

Once the consent has been created, you must request its authorization. It is essential to redirect the user to the confirmation step at BancoEstado. To do this, redirect the user to the “authorizationUrl” returned.

User callback URL

{redirectUri}?ticket={ticket}&state={consentId}

GET Consents

Once the customer returns from the BancoEstado environment with the consent confirmed, you can call /consents to obtain the consented data, as in the example below.

https://api.opb.bdc.dev.fsapps.io/consent-management/api/v1/consents/64d1abbe39b8a000115e2532

# Fetch the consent by ID; double quotes let the shell expand the variables
curl --key "${PRIVATE_KEY_FILE_PATH}" --cert "${CERTIFICATE_FILE_PATH}" \
--location "${CONSENT_MANAGEMENT_BASE_URL}/consent-management/api/v1/consents/${CONSENT_ID}" \
--header "Authorization: Bearer ${ACCESS_TOKEN}"

Response:

{
    "_id": "64d1abbe39b8a000115e2532",
    "resourceId": "e199f262-ed8c-4471-961d-37812a2884af",
    "resourceName": "b0IdSx1H_FMfSNNIZCT4kxVfcpBwkUsF1ELhhHk1hPU",
    "requestorClientId": "openplus_febd6fb7-07c1-4506-9eba-4374913dfedb",
    "requestorSubject": "4d03bf02-4ad2-444a-8980-cec6faf5376c",
    "requestorClientName": "openplus_febd6fb7-07c1-4506-9eba-4374913dfedb",
    "scopes": [
        "accounts:read",
        "accounts_balances:read",
        "accounts_transactions:read"
    ],
    "status": "AUTHORISED",
    "redirectUri": "http://localhost:9000",
    "creationDateTime": "2023-08-08T02:43:10.744Z",
    "statusUpdateDateTime": "2023-08-08T02:43:12.635Z",
    "expirationDateTime": "2024-01-08T02:43:09.204Z",
    "data": {
        "rut": "10031617"
    }
}
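
The checks a client application can apply to the callback and to the consent record before exchanging the ticket, as an added example that is not part of the original page or of the provider's code. It assumes the application stored the consentId for the user's session when it created the consent; the function names, the error class and the ticket value are hypothetical.

```python
import hmac
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

# Constructed sample values (IDs reused from the sample responses on this page).
CONSENT_ID = "64d1abbe39b8a000115e2532"
SAMPLE_CALLBACK = "http://localhost:9000?ticket=constructed-ticket&state=" + CONSENT_ID
SAMPLE_RECORD = {"_id": CONSENT_ID, "status": "AUTHORISED",
                 "scopes": ["accounts:read", "accounts_balances:read"],
                 "expirationDateTime": "2024-01-08T02:43:09.204Z"}


class ConsentCheckError(Exception):
    """The callback or consent record must not be trusted."""


def parse_callback(callback_url, expected_consent_id):
    """Return the ticket from {redirectUri}?ticket=...&state=... once state is verified."""
    params = parse_qs(urlsplit(callback_url).query, keep_blank_values=True)
    tickets, states = params.get("ticket", []), params.get("state", [])
    # Exactly one non-empty value each: repeated parameters are ambiguous, reject them.
    if len(tickets) != 1 or len(states) != 1 or not tickets[0]:
        raise ConsentCheckError("callback must carry exactly one ticket and one state")
    # state must equal the consentId stored for this user session (assumption).
    if not hmac.compare_digest(states[0].encode(), expected_consent_id.encode()):
        raise ConsentCheckError("state does not match the pending consent")
    return tickets[0]


def check_consent(record, expected_consent_id, needed_scopes, now=None):
    """Validate a GET /consents/{id} response before exchanging the ticket."""
    now = now or datetime.now(timezone.utc)
    if record.get("_id") != expected_consent_id:
        raise ConsentCheckError("record belongs to a different consent")
    if record.get("status") != "AUTHORISED":
        raise ConsentCheckError("consent is not AUTHORISED")
    expires = datetime.fromisoformat(record["expirationDateTime"].replace("Z", "+00:00"))
    if expires <= now:
        raise ConsentCheckError("consent has expired")
    missing = set(needed_scopes) - set(record.get("scopes", []))
    if missing:
        raise ConsentCheckError("scopes not granted: " + ", ".join(sorted(missing)))
    return True
```
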

POST Ticket Exchange

After receiving the ticket, you will need to exchange this code for an access token in order to access the data the customer consented to.

https://keycloak.bdc.shared.fsapps.io/auth/realms/consent-management-dev/protocol/openid-connect/token

# Exchange the ticket from the callback for an access token (UMA ticket grant)
curl --key "${PRIVATE_KEY_FILE_PATH}" --cert "${CERTIFICATE_FILE_PATH}" \
--location "${TOKEN_URL}" \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header "Authorization: Bearer ${ACCESS_TOKEN}" \
--data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:uma-ticket' \
--data-urlencode "ticket=${TICKET}"

Response:

{
    "upgraded": false,
    "access_token": "<access token (JWT), value omitted>",
    "expires_in": 300,
    "refresh_expires_in": 0,
    "token_type": "Bearer",
    "not-before-policy": 0
}

POST Refresh Token

When you need to access the same data covered by the consent at a later time, after the 5-minute timeout, you will need to perform a refresh token request.

https://api.opb.bdc.dev.fsapps.io/consent-management/api/v1/oauth/token

# The Authorization header is double-quoted so the shell expands ${ACCESS_TOKEN}
curl --key "${PRIVATE_KEY_FILE_PATH}" --cert "${CERTIFICATE_FILE_PATH}" \
--location "${CONSENT_MANAGEMENT_BASE_URL}/consent-management/api/v1/oauth/token" \
--header 'Content-Type: application/json' \
--header "Authorization: Bearer ${ACCESS_TOKEN}" \
--data '{
  "grant_type": "refresh_token",
  "extras": {
      "consentId": "64d1abbe39b8a000115e2532"
  }
}'

Response:

{
    "access_token": "<access token (JWT), value omitted>",
    "token_type": "Bearer",
    "expires_in": 300
}

From this point on, you can access the product API and obtain the data of the customer who gave the consent.
