feat(auth): use gnap error middleware on idp api #3094
Conversation
✅ Deploy Preview for brilliant-pasca-3e80ec canceled.
|
| '500': | ||
| description: Internal Server Error |
There was a problem hiding this comment.
Would it be good to provide the actual GNAP response error objects in the IDP spec?
There was a problem hiding this comment.
I'll add them since it's a pretty bare PR as it is right now
1735c6e to
0282619
Compare
| content: | ||
| application/json: | ||
| schema: | ||
| $ref: '#/components/schemas/gnap-error' |
There was a problem hiding this comment.
I figured it might make sense to include this in the auth server spec as well for Open Payments, so I captured it in an issue here.
There was a problem hiding this comment.
Makes sense! if you want, we could probably merge the open payments issue first, bump the client, and import the yaml files in here so we can reference them as ./auth-server.yaml#/components/schemas/..., what do you think? Unless we want to decouple the IDP spec from the auth server spec?
There was a problem hiding this comment.
Let's bump the OP client for this 👍
0282619 to
172f556
Compare
fa5e15f to
b97e94d
Compare
| @@ -165,11 +193,23 @@ paths: | |||
| description: Accepted | |||
| '400': | |||
| description: Not Found | |||
There was a problem hiding this comment.
| description: Not Found | |
| description: Bad Request |
| content: | ||
| application/json: | ||
| schema: | ||
| $ref: '#/components/schemas/error-invalid-interaction' | ||
| '401': |
There was a problem hiding this comment.
I think also we have the user_denied invalid_request possible in this route
| @@ -39,6 +39,16 @@ paths: | |||
| description: Interaction id | |||
| '401': | |||
There was a problem hiding this comment.
We also have request_denied in this flow possible
There was a problem hiding this comment.
We also have
request_deniedin this flow possible
We shoud have request_denied in https://github.com/interledger/rafiki/pull/3094/files#diff-196f8d522cc447a08b51f0cf830f0c27ebc33e85c7cd936d96d1d6d053a1a754R46-R51
Should this be 400?
The conditional for throwing this response can be satisfied by not finding the interaction based on the provided nonce + id, not being in the pending state, or the associated grant being revoked. I felt as though these cases sufficiently fell under "incorrect credentials".
Looking at it now, I think we could break up the conditional into 400 (or 404) for the case where it can't find the interaction because the id or the nonce doesn't match up, and 403 for when the grant is revoked or the interaction isn't in a pending state
Changes proposed in this pull request
gnapServerErrorMiddlewareto the routes on the Identity Provider API on the auth server.Context
Closes #3029.
This ended up being a one-line change, as the IDP responses were added already in the spec from #850 and #3024. The code already throws these errors and had tests added as of #2400. There was one potential response missing from the spec, however.
Checklist
fixes #numberuser-docslabel (if necessary)