feat(backend): request grant to query incoming payment receiver

[wilsonianb]

Changes proposed in this pull request

• The receiver service now uses a stored grant if one exists or requests a new grant when querying a remote incoming payment.

Context

• fixes Request grant at other Open Payments server(s) #583

Checklist

• Related issues linked using fixes #number
• Tests added/updated
• Documentation added
• Make sure that all checks pass

[wilsonianb]

Using a combination of this branch + #777, I was able to run localenv with AS signature verification enabled:

rafiki/infrastructure/local/peer-docker-compose.yml

Line 17 in 632bdfb

BYPASS_SIGNATURE_VALIDATION: "true"

and successfully create a quote (with backend auto-requesting a grant to read the receiver incoming payment)

[wilsonianb]

Is it worth (get or creating and) locking the auth server's db row here to avoid simultaneously sending redundant grant requests?

[mkurapov]

Is this a case for when we request the receiver on the outgoing payment lifecycle hook?

[wilsonianb]

I was thinking if (multiple instances of) the backend were handling two quotes with the same receiver at the same time, should it avoid performing multiple grant requests?

[mkurapov]

Pretty edge-casey IMO, not sure if worth adding just yet

[wilsonianb]

I added this after noticing 👇 while testing:

$ docker compose -f infrastructure/local/peer-docker-compose.yml ps
service "peer-auth" refers to undefined network rafiki: invalid compose project

However, I am now sometimes getting the following when starting the localenv:

network local_rafiki declared as external, but could not be found

I wonder if that can be avoided by splitting these into separate/subsequent docker compose commands:

rafiki/package.json

Lines 20 to 21 in 632bdfb

	"localenv": "docker compose -f ./infrastructure/local/docker-compose.yml -f ./infrastructure/local/peer-docker-compose.yml",
	"localenv:build": "docker compose -f ./infrastructure/local/docker-compose.yml -f ./infrastructure/local/peer-docker-compose.yml -f ./infrastructure/local/build-override.yml build",

[mkurapov]

Using a combination of this branch + #777, I was able to run localenv with AS signature verification enabled:

rafiki/infrastructure/local/peer-docker-compose.yml

Line 17 in 632bdfb

BYPASS_SIGNATURE_VALIDATION: "true"

and successfully create a quote (with backend auto-requesting a grant to read the receiver incoming payment)

what sig headers did you use for making it work? You mean the example P2P payment, correct?

[wilsonianb]

This query 👆
The signature headers are unchanged (TODO)
But the signature headers are there for the RS->AS grant request under the hood.

[mkurapov]

Is accessToken just dev-access-token for now? I'm working on updating those seed scripts.

[wilsonianb]

Yeah, I changed it from the (Postman) default example-access-token.

[mkurapov]

Suggested change

	const grant = await deps.openPaymentsClient.grant.request({
	url: paymentPointer.authServer,
	request: {
	access_token: {
	access: [
	{
	type: grantOptions.accessType,
	actions: grantOptions.accessActions
	}
	]
	},
	interact: {
	start: ['redirect']
	}
	} as GrantRequest
	const grant = await deps.openPaymentsClient.grant.request({
	url: paymentPointer.authServer,
	request: {
	access_token: {
	access: [
	{
	type: grantOptions.accessType as 'incoming-payment',
	actions: grantOptions.accessActions
	}
	]
	},
	interact: {
	start: ['redirect']
	}
	}

Should we export accessType from open-payments, along with a mapper? So we don't need the as GrantRequest. Otherwise, I would prefer type asserting only the single thing that needs it

[wilsonianb]

Or could these be exported

rafiki/packages/open-payments/src/generated/auth-server-types.ts

Lines 250 to 287 in 48cdfa2

	"access-incoming": {
	/** @description The type of resource request as a string. This field defines which other fields are allowed in the request object. */
	type: "incoming-payment";
	/** @description The types of actions the client instance will take at the RS as an array of strings. */
	actions: (
	| "create"
	| "complete"
	| "read"
	| "read-all"
	| "list"
	| "list-all"
	)[];
	/**
	* Format: uri
	* @description A string identifier indicating a specific resource at the RS.
	*/
	identifier?: string;
	};
	/** access-outgoing */
	"access-outgoing": {
	/** @description The type of resource request as a string. This field defines which other fields are allowed in the request object. */
	type: "outgoing-payment";
	/** @description The types of actions the client instance will take at the RS as an array of strings. */
	actions: ("create" | "read" | "read-all" | "list" | "list-all")[];
	/**
	* Format: uri
	* @description A string identifier indicating a specific resource at the RS.
	*/
	identifier: string;
	limits?: external["https://raw.githubusercontent.com/interledger/open-payments/b363d33038fe789e5388f04f80ddd06a4fa97093/openapi/schemas.yaml"]["components"]["schemas"]["limits-outgoing"];
	};
	/** access-quote */
	"access-quote": {
	/** @description The type of resource request as a string. This field defines which other fields are allowed in the request object. */
	type: "quote";
	/** @description The types of actions the client instance will take at the RS as an array of strings. */
	actions: ("create" | "read" | "read-all")[];
	};

as IncomingPaymentAccess, etc?
Then backend/auth could utilize these types instead having a bunch of pairings of arbitrary AccessType/AccessAction.

[wilsonianb]

I've gone with your original suggestion but opened:

• Reconcile string enums with generated union types #808

[mkurapov]

Anything we can do here (naming wise) to make it more explicit what the difference between Grant and GrantReference is?

[wilsonianb]

What about GrantReference -> ResourceGrant (or (PaymentPointer)SubresourceGrant)?

[wilsonianb]

I'm also tempted to backtrack on this: #535 (comment)

We could instead store clientId (soon to be client payment pointer #737) on subresources.
Rename GrantReference as OutgoingPaymentGrants (since it's only really needed to lock on limit checking 👇) and drop the clientId column

rafiki/packages/backend/src/open_payments/payment/outgoing/service.ts

Lines 255 to 256 in a5c36d7

	//lock grant
	await deps.grantReferenceService.lock(grant.grant, deps.knex)

[wilsonianb]

😬

• chore(backend): replace GrantReference with OutgoingPaymentGrant #800

[sabineschaller]

Renaming is the right move since we only store references to outgoing payment grants. I'll have to look into the other PR to understand why we can drop clientId.

[wilsonianb]

At the moment, we store references for grants for incoming payments, quotes, and outgoing payments because it is how we associate clientId with those resources.

[mkurapov]

I guess it all depends on the AS, but would just Read be "safer" here? Having to create a grant per incoming payment isn't great, but makes it easier on auth servers to restrict access

[wilsonianb]

I don't have a strong opinion either way, and I'm unsure which would make auth server locking more of a necessity:
#779 (comment)
👇

[sabineschaller]

I think just Read wouldn't work because I'd imagine in most cases, this Rafiki instance wasn't the client creating the incoming payment. It just wants to read it to pay it.

[mkurapov]

imo might be easier to split into two separate tests to avoid the if (newAuthServer) checks

[wilsonianb]

I'm not sure if I made it better or worse by moving it to the describe.each
aa571e1

[mkurapov]

Would returning url: this.url be more clear from an Open Payments API perspective?

[wilsonianb]

As in, change id to url in the Open Payments spec?
https://github.com/interledger/open-payments/blob/b363d33038fe789e5388f04f80ddd06a4fa97093/openapi/resource-server.yaml#L809-L813

[mkurapov]

As in, change id to url in the Open Payments spec?

Exactly, wasn't a comment of the code, more in general. ids for other resources (incoming/outgoing payments) have a different meaning that the id for the payment pointer. NABD, it felt slightly off to me in the spec in the first place

[wilsonianb]

🤔 Want to elaborate on how the id is different for the payment pointer (here or in an open-payments issue)?
Part of me wants to say payment pointers are probably going to be out of scope for Open Payments soon.
Also:

• fix: payment pointer id description open-payments#223

[mkurapov]

Well, for example in our case, we call incoming payments by baseUrl/incoming-payment/{{id}}, id being a uuid, a sub resource identifier. You don't necessarily have a similar "baseUrl/payment-pointer" resource, where you could GET a payment pointer using the id path param.

Likewise in backend, when we use paymentPointer.id its usually the model's uuid. I don't think it's worth changing, just might not be always 100% clear, is all.

[mkurapov]

Is this a case for when we request the receiver on the outgoing payment lifecycle hook?

[sabineschaller]

Is it sufficient to not store the entire access array of the grant?

[wilsonianb]

It is for now since the RS is only requesting read-all incoming payment grants, and the new GrantService only supports creating grants of a single access type.
Do we anticipate the RS requesting multi-type grants that we should consider future-proofing for?

[sabineschaller]

Renaming is the right move since we only store references to outgoing payment grants. I'll have to look into the other PR to understand why we can drop clientId.

[sabineschaller]

I think just Read wouldn't work because I'd imagine in most cases, this Rafiki instance wasn't the client creating the incoming payment. It just wants to read it to pay it.

[mkurapov]

Pretty edge-casey IMO, not sure if worth adding just yet