Known Issue with YBSG Live/Test Interface - Identity API
YBSG have identified a mismatch between their Identity API implementation and the OpenID OAuth 2.0 specifications. This means that TPPs must use two separate resources for generating and regenerating access tokens.
1. TPP APP calls Identity API Token resource to generate an access token.
2. TPP APP calls Identity API Token resource with grant_type of refresh_token to regenerate an access token.
TPP is able to generate and regenerate access tokens from one resource (/token).
TPP must call the Identity API Refresh Token (/refreshtokens) resource to regenerate an access token.
YBSG’s current implementation has created two separate resources for generating and regenerating access tokens.
YBSG is currently working on a fix and plans to release this by the end of April. TPPs will need to call the /token resource with a grant type of refresh_token to generate and regenerate access tokens.