Update to SOL003 2.4.1 and some bugfixes

        type: string

        type: string

        maximum: 1

        maximum: 1

        minimum: 1

        minimum: 1

      WWW-Authenticate:

        description: >

          Challenge if the corresponding HTTP request has not provided

          authorization, or error details if the corresponding HTTP

          request has provided an invalid authorization token.

        type: string

        maximum: 1

        minimum: 0

    schema:

    schema:

      $ref: "../../../definitions/SOL002SOL003_def.yaml#/definitions/ProblemDetails"

      $ref: "../../../definitions/SOL002SOL003_def.yaml#/definitions/ProblemDetails"

definitions:

  SubscriptionAuthentication:

    description: >

      If an API consumer requires the API producer to authorize for sending notifications to that API consumer,

      it shall include in the subscription request data according to the following structure.

    type: object

    required:

      - authType

    properties:

      authType:

        description: >

          Defines the type of Authentication/Authorization to use when sending a notification.

          Permitted values:

            * BASIC

                * In every POST request that sends a notification, use HTTP Basic authentication with

                  the client credentials.

                * The API producer shall pass its client credentials in every POST request that sends a 

                   notification, as defined in IETF RFC 7617.

                * NOTE: The clientId and clientPassword passed in a subscription shall not be the same as the

                  clientId and clientPassword that are used to obtain authorization for API requests.

                  Client credentials may differ between subscriptions. The value of clientPassword should be

                  generated by a random process.

            * OAUTH2_CLIENT_CREDENTIALS

                * In every POST request that sends a notification, use an 

                  OAuth 2.0 Bearer token, obtained using the client credentials grant type.

                * The API producer shall, prior to sending any notification, obtain an access token from 

                  the token endpoint using the OAuth 2.0 client credentials grant type as defined in 

                  IETF RFC 6749. The API consumer should include expiry information with the token response.

                * The API producer shall include that access token as a Bearer token in every POST request

                  that sends a notification (according to IETF RFC 6750).

                * If the access token is expired, the API consumer shall reject the notification. In that case,

                  the API producer shall obtain a new access token, and repeat sending the notification.

                * If the token expiry time is known to the API producer, it may obtain proactively a new access token.

        type: string

        enum:

         - BASIC

         - OAUTH2_CLIENT_CREDENTIALS

      paramsBasic:

        description: >

          Parameters for authentication/authorization using BASIC. Shall be present if authType is "BASIC" and

          the contained information has not been provisioned out of band. Shall be absent otherwise.

        type: object

        properties:

          userName:

            description: >

              Username to be used in HTTP Basic authentication. Shall be present if it has not been provisioned

              out of band.

            type: string

          password:

            description: >

              Password to be used in HTTP Basic authentication. Shall be present if it has not been provisioned

              out of band.

            type: string

      paramsOauth2Client Credentials:

        description: >

          Parameters for authentication/authorization using OAUTH2_CLIENT_CREDENTIALS. Shall be present if 

          authType is "OAUTH2_CLIENT_CREDENTIALS" and the contained information has not been provisioned 

          out of band. Shall be absent otherwise.

        type: object

        properties:

          clientId:

            description: >

              Client identifier to be used in the access token request of the OAuth 2.0 client credentials

              grant type. Shall be present if it has not been provisioned out of band. See NOTE.

            type: string

          clientPassword:

            description: >

              Client password to be used in the access token request of the OAuth 2.0 client credentials

              grant type. Shall be present if it has not been provisioned out of band. See NOTE.

            type: string

          tokenEndpoint:

            description: >

              The token endpoint from which the access token can be obtained. Shall be present if it has

              not been provisioned out of band.

            type: string

            format: URI 

          Authentication parameters to configure the use of Authorization when sending notifications corresponding

          Authentication parameters to configure the use of Authorization when sending notifications corresponding

          to this subscription. This attribute shall only be present if the subscriber requires authorization of 

          to this subscription. This attribute shall only be present if the subscriber requires authorization of 

          notifications.

          notifications.

        $ref: 'SubscriptionAuthentication_def.yaml#/definitions/SubscriptionAuthentication'                  

        $ref: "../../../definitions/SOL002SOL003_def.yaml#/definitions/SubscriptionAuthentication"

 No newline at end of file

        type: string

        type: string

        maximum: 1

        maximum: 1

        minimum: 1

        minimum: 1

      WWW-Authenticate:

        description: >

          Challenge if the corresponding HTTP request has not provided

          authorization, or error details if the corresponding HTTP

          request has provided an invalid authorization token.

        type: string

        maximum: 1

        minimum: 0

    schema:

    schema:

      $ref: "../../../definitions/SOL002SOL003_def.yaml#/definitions/ProblemDetails"

      $ref: "../../../definitions/SOL002SOL003_def.yaml#/definitions/ProblemDetails"

        type: string

        type: string

        maximum: 1

        maximum: 1

        minimum: 1

        minimum: 1

      WWW-Authenticate:

        description: >

          Challenge if the corresponding HTTP request has not provided

          authorization, or error details if the corresponding HTTP

          request has provided an invalid authorization token.

        type: string

        maximum: 1

        minimum: 0

    schema:

    schema:

      $ref: "../../../definitions/SOL002SOL003_def.yaml#/definitions/ProblemDetails"

      $ref: "../../../definitions/SOL002SOL003_def.yaml#/definitions/ProblemDetails"