B.1 MCPTT tokens
3GPP TS 33.179, Release 13: Security of Mission Critical Push To Talk (MCPTT) over LTE
B.1.1 ID token
B.1.1.0 General
The ID Token shall be a JSON Web Token (JWT) and contain the following standard and MCPTT token claims. Token claims provide information pertaining to the authentication of the MCPTT user by the IdM server as well as additional claims. This clause profiles the required standard and MCPTT claims for the MCPTT Connect profile.
B.1.1.1 Standard claims
These standard claims are defined by the OpenID Connect 1.0 specification and are REQUIRED for MCPTT. Other claims defined by OpenID Connect are optional. The standards-based claims for an MCPTT ID token are shown in table B.1.1.1-1.
Table B.1.1.1-1: ID token standard claims
| Parameter | Description |
|---|---|
| iss | REQUIRED. The URL of the IdM server. |
| sub | REQUIRED. A case-sensitive, never reassigned string (not to exceed 255 bytes), which uniquely identifies the MCPTT user within the MCPTT server provider’s domain. |
| aud | REQUIRED. The OAuth 2.0 client_id of the MCPTT client. |
| exp | REQUIRED. Implementers MAY provide for some small leeway, usually no more than a few minutes, to account for clock skew (not to exceed 30 seconds). |
| iat | REQUIRED. Time at which the ID Token was issued. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time. |
B.1.1.2 MCPTT claims
The MCPTT Connect profile extends the OpenID Connect standard claims with the additional claims shown in table B.1.1.2-1.
Table B.1.1.2-1: ID token MCPTT claims
| Parameter | Description |
|---|---|
| mcptt_id | REQUIRED. The MCPTT ID of the current MCPTT user of the MCPTT client. |
B.1.2 Access token
B.1.2.0 Introduction
The access token is opaque to MCPTT clients and is consumed by the MCPTT resource servers (i.e. KMS, MCPTT server, etc.). The access token shall be encoded as a JSON Web Token as defined in IETF RFC 7519 [32]. The access token shall include the JSON web digital signature profile as defined in IETF RFC 7515 [35].
B.1.2.1 Standard claims
MCPTT access tokens shall convey the following standards-based claims as defined in IETF RFC 7662 [33].
Table B.1.2.1-1: Access token standard claims
| Parameter | Description |
|---|---|
| exp | REQUIRED. Implementers MAY provide for some small leeway, usually no more than a few minutes, to account for clock skew (not to exceed 30 seconds). |
| scope | REQUIRED. A JSON string containing a space-separated list of the MCPTT authorization scopes associated with this token. |
| client_id | REQUIRED. The identifier of the MCPTT client making the API request as previously registered with the IdM server. |
B.1.2.2 MCPTT claims
The MCPTT Connect profile extends the standard claims defined in IETF RFC 7662 [33] with the additional claims shown in table B.1.2.2-1.
Table B.1.2.2-1: Access token MCPTT claims
| Parameter | Description |
|---|---|
| mcptt_id | REQUIRED. The MCPTT ID of the current MCPTT user of the MCPTT client. |
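
The claim checks a client or resource server could apply to the ID token (B.1.1) and access token (B.1.2) profiles above, written as an added example that is not part of the specification. It assumes the JWS signature has already been verified and the payload decoded to a dict; the function names, the sample values and the `example:ptt` scope used in testing are hypothetical.

```python
import time

MAX_SKEW = 30        # seconds: clock-skew ceiling given for "exp" in both tables
MAX_SUB_BYTES = 255  # size limit for "sub" in table B.1.1.1-1

def _is_num(v):
    return isinstance(v, (int, float)) and not isinstance(v, bool)

def _common(claims, required, now, skew):
    """Checks shared by both token types: claim presence and expiry."""
    if not 0 <= skew <= MAX_SKEW:
        raise ValueError("leeway must stay within 0..30 seconds")
    errors = [f"missing {name}" for name in required if name not in claims]
    if "exp" in claims:
        if not _is_num(claims["exp"]):
            errors.append("exp is not a JSON number")
        elif now >= claims["exp"] + skew:
            errors.append("expired")
    return errors

def check_id_token(claims, idm_url, client_id, now=None, skew=MAX_SKEW):
    """Profile violations in a decoded ID token claims set (empty list = pass)."""
    now = time.time() if now is None else now
    errors = _common(claims, ("iss", "sub", "aud", "exp", "iat", "mcptt_id"), now, skew)
    if "iss" in claims and claims["iss"] != idm_url:
        errors.append("iss is not the expected IdM server")
    sub = claims.get("sub")
    # The limit is in bytes, so measure the UTF-8 encoding, not the character count.
    if "sub" in claims and not (isinstance(sub, str) and len(sub.encode()) <= MAX_SUB_BYTES):
        errors.append("sub is not a string of at most 255 bytes")
    aud = claims.get("aud")
    if "aud" in claims and client_id not in (aud if isinstance(aud, list) else [aud]):
        errors.append("aud does not name this client")
    if "iat" in claims and not _is_num(claims["iat"]):
        errors.append("iat is not a JSON number")
    return errors

def check_access_token(claims, needed_scope, now=None, skew=MAX_SKEW):
    """Profile violations in a decoded access token claims set (empty list = pass)."""
    now = time.time() if now is None else now
    errors = _common(claims, ("exp", "scope", "client_id", "mcptt_id"), now, skew)
    scope = claims.get("scope")
    if "scope" in claims and not (isinstance(scope, str) and needed_scope in scope.split(" ")):
        errors.append("scope is not a string granting the required scope")
    return errors

# Constructed sample claims set (illustrative values, not from the specification).
SAMPLE_ID = {"iss": "https://idm.example.org", "sub": "user-1", "aud": "mcptt-client",
             "exp": 1700000600, "iat": 1700000000, "mcptt_id": "alice@example.org"}
```

Both functions return every violation found rather than stopping at the first, which makes rejected tokens easier to diagnose in logs.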