Gravitee.io AM 2.4
We are pleased to announce that Gravitee.io Access Management 2.4.0 is now available.
What’s new?
Here are the highlights of this release:
- PSD2 and Open Banking context
- Users storage
PSD2 and Open Banking
The Payment Services Directive (PSD2) defines a list of EU rules that should help stimulate competition in the electronic payments market.
This would allow consumers to benefit from more and better choices between different types of payment services and service providers.
Banks will expose open APIs to allow other banks and third parties (known as TPPs) to access customer account and payment services.
To fulfill Open Banking and PSD2 requirements, Gravitee.io Access Management has started to make some improvements which have been released in this 2.4 version.
Gravitee.io AM 2.4 moves from random UUIDs to a 160-bit (20-byte) random value when generating tokens (e.g. client_id, client_secret, authorization_code, tokens), to be consistent with the OAuth 2.0 specification:
"The probability of an attacker guessing generated tokens (and other credentials not intended for handling by end-users) MUST be less than or equal to 2^(-128) and SHOULD be less than or equal to 2^(-160)."
Fine-grained user consent expiry time
Until version 2.3 of AM, OAuth 2.0 scopes shared the same expiry time for user consent/approval. In a banking context, the approval time for payment initiation is generally shorter than for administrative tasks such as accessing account information.
Gravitee.io AM 2.4 now lets you define an expiry time for each scope at the security domain and client level.
Users storage
When creating users in AM (via User Management or the SCIM protocol), users were stored by default in the AM identity provider (MongoDB database). You can now choose in which identity provider the newly created users will be stored.
With this feature, each application can choose its own user directory instead of relying on the security domain one.
What’s next?
- Continue the PSD2 and Banking context with consent and scope approval management
- Start Audit Trail logs feature