POST /self-service/registrations requires a valid digid JWT, reads the bsn claim and forwards it to the domain, returning 202. GET /openbaar/register is anonymous and returns OpenbaarProjection.PublicView — rows filtered by q and mapped to the public-safe id+status only (bsn/naam never exposed). JwtBearer validates signature/issuer/expiry against the Keycloak digid authority (§8.3, ADR-0010). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2.7 KiB
2.7 KiB