This document describes how to use the plugin "HTTP Signature Verification Credential Extractor" (within the Loginapp's one-shot featureĀ HTTP request authentication (Airlock One-Shot flow)) in order to provide NextGenPSD2 compliant HTTP signature verification.
The described plugin provides the ability to check HTTP signatures according to the internet draft Signing HTTP Messages as required in NextGenPSD2.
This documentation gives examples and lists the HTTP headers that need to be verified as specified in the NextGenPSD2 v1.3 specification.
The documentation may be used as example but does not guarantee that the legal PSD2 requirements are met. Please ensure the correct configuration by examining the latest PSD2 specifications.