After registering new resource (account consent or payment consent) using public access token TPP should obtain consent access token for accessing created resources.
Authorization request:
GET https://10.191.13.94:9443/authpage/consentId/SynRPCaFSLa_TuvA-D654A?redirect_uri=https://api.testtpp.com/cb
Response with authorization code:
HTTP/1.1 302 Found
Location: https://api.mytpp.com/cb?code=ZXlKaGJHY2lPaUpTVXpVeE1pSjkuZXlKemRXSWlPaUpoZFhSb1gyTnZaR1VpTENKamIyNXpaVzUwU1dRaU9pSnBRblpyY25KdlZsTTRWekp2TVd3MVVrWnlkMFJuSWl3aWFYTnpJam9pVkUxVFhDOVlJaXdpWlhod0lqb3hOVFl5TVRBek1ERTJMQ0pwWVhRaU9qRTFOakl3TVRZMk1UWjkuWExkTnEyaXdBcXJySHFUS2VZdTFNZk1CbWlWR2V6cktEZGc3YXJqdURFS2pXajlvRWotZG5WNTM1MTNzWGo1QjI2a1N5LWRSNG5DSV92VEJBOWpMNkJ4S0ZWMlh1TnRrVHRMZFZkckc3T0FJb3FtM0otVmdPck9aZ1M5bzV3NzNXNkV6ZVR4RC1mMG9uaTk0OVY0SG56ZzBNd2N2VWZyYndXQjUzYmE3ektvUFRaZnlCVXJOMEE3ZWxYQ2NyRXRYU3F4Y3lhY25tM2tuSVRxUTdGUWdZQnRzWnRabUZjb2FTbkFQWjRERnE0NGFmaWFLYU1mYk42QXJEV3ljajd1c1ZGcERjaUdsYm15d3BsSUJ1VnVFamdjekpVclNVbGJaUVd4RWI0Q3ZfNV8xUWUzc25CbENQQ1ctanlrVDlvN09iUHo2QVVzZWhxWmU3Wkg1UUxXZGxn
Request to exchange authorization code:
POST https://10.191.13.94:9443/as/token.oauth2
Host: https://10.191.13.94:9443/as/token.oauth2
Content-Type: application/x-www-form-urlencoded
Accept: application/json
grant_type=authorization_code
&code=ZXlKaGJHY2lPaUpTVXpVeE1pSjkuZXlKemRXSWlPaUpoZFhSb1gyTnZaR1VpTENKamIyNXpaVzUwU1dRaU9pSnBRblpyY25KdlZsTTRWekp2TVd3MVVrWnlkMFJuSWl3aWFYTnpJam9pVkUxVFhDOVlJaXdpWlhod0lqb3hOVFl5TVRBek1ERTJMQ0pwWVhRaU9qRTFOakl3TVRZMk1UWjkuWExkTnEyaXdBcXJySHFUS2VZdTFNZk1CbWlWR2V6cktEZGc3YXJqdURFS2pXajlvRWotZG5WNTM1MTNzWGo1QjI2a1N5LWRSNG5DSV92VEJBOWpMNkJ4S0ZWMlh1TnRrVHRMZFZkckc3T0FJb3FtM0otVmdPck9aZ1M5bzV3NzNXNkV6ZVR4RC1mMG9uaTk0OVY0SG56ZzBNd2N2VWZyYndXQjUzYmE3ektvUFRaZnlCVXJOMEE3ZWxYQ2NyRXRYU3F4Y3lhY25tM2tuSVRxUTdGUWdZQnRzWnRabUZjb2FTbkFQWjRERnE0NGFmaWFLYU1mYk42QXJEV3ljajd1c1ZGcERjaUdsYm15d3BsSUJ1VnVFamdjekpVclNVbGJaUVd4RWI0Q3ZfNV8xUWUzc25CbENQQ1ctanlrVDlvN09iUHo2QVVzZWhxWmU3Wkg1UUxXZGxn
&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
&client_assertion=eyJhbGciOiJSUzUxMiIsImtpZCI6IjEyMzQ1IiwidHlwIjoiSldUIn0.eyJpc3MiOiJUUFAxIiwic3ViIjoiVFBQMSIsImV4cCI6MTU2MjAxODE1NiwiaWF0IjoxNTYyMDExNDk2LCJqdGkiOiIyMDE5MDcwMTIxMTQiLCJhdWQiOnsiaHJlZiI6Imh0dHBzOi8vcGcubW9zY293LmNtYS5ydTo4NzQ1L2FzL3Rva2VuLm9hdXRoMiJ9fQ.RObpxh1f94ACZ99ZH9ffrdfoeWY7ji-tGcL6ibC66ePKTHHWmswAeSJnfBL-NMwsH7tVJiAqE8gzIFJ57zU6d3aJBa-aipjXAa5Il3oNV30pJ0azRaz0LWIpb95BF3T8ePpT7y3R2nJlix4JmKpSWxGulvocTkoFW5x1VgE_qEdV2kneBqF7-_vXW7DgsOXEG35DU0jFGbBI9P5Wh2Bjv4HQutuaoPKzqAVj0fImP458cnWwbLjFy1h_xmOghxEVgLxwIrixtLtMJxfHqqGAVvppprfnzf1d6uRXUsPanwUCVvWOQGH7ICV5KpADZuQ27ny-7o47n9n3U1GXDxzHig
Where client_assertion is JWT signed by TPP certificate registered in BBK Bank.
JWT payload (for client assertion):
{
"iss": "testTPP",
"sub": "testTPP",
"exp": 1499187201,
"iat": 1499183601,
"jti": "id123456",
"aud": "https://10.191.13.94:9443/as/token.oauth2"
}
Response with consent token:
HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache
{
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAxIiwiY29uc2VudElkIjoiaUJ2a3Jyb1ZTOFcybzFsNVJGcndEZyIsImlzcyI6IkFQSV9HVyIsImV4cCI6MTU2MjEwMzA0NSwiaWF0IjoxNTYyMDE2NjQ1fQ.fDYOEkkE717-CojeFtNHKlveFrm3GQdUA69AyvBBsoX1ueimTfdlY4YK6aauseFp6mv5iSaKU3xU4ECQxhpvs0uFkHSVRGmpl-7qUypjLrfTD_w0ZYg0gbmejjXi39LXKOCwQPr-Ixe4CRYqDIaq8YLtbhphl6V-hxIRm_rrTxvo2EPJHvagfRbCmLbbGvsQE-oyq-uxIS5eOTwx-3iXr_PluAvXyChapvf_DagoJr52wAic285ErHKKt32bMTkj2-P0B91gYwWWo9vKFMUvzSQYpJbobwqAeS7DqTaKT3rLoL0CETv-fM6kMn3xuz4_c_iJJXoi0R3BF3UHR5agfg",
"token_type": "Bearer",
"expires_in": 3600
}