Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Creating an out-of-band invitation does not include goal code in invitation_url encoding #2583

Closed
loneil opened this issue Nov 1, 2023 · 8 comments · Fixed by #2591
Closed
Assignees

Comments

@loneil
Copy link
Contributor

loneil commented Nov 1, 2023

We are using out-of-band/create-invitation to create an OOB invitation in Traction, and the invitation URL coming back appears to lack some info that is contained in the Invitation.

POSTing the following body to out-of-band/create-invitation

{
    "accept": [
        "didcomm/aip1",
        "didcomm/aip2;env=rfc19"
    ],
    "alias": "Test Alias",
    "goal": "To issue a Faber College Graduate credential",
    "goal_code": "issue-vc",
    "handshake_protocols": [
        "https://didcomm.org/didexchange/1.0",
        "https://didcomm.org/connections/1.0"
    ],
    "my_label": "Invitation to Barry",
    "protocol_version": "1.1",
    "use_public_did": false
}

Returns a invitation

{
    "state": "initial",
    "trace": false,
    "invi_msg_id": "9840355a-3f2b-4453-949e-a5e1d0866aa7",
    "oob_id": "2fed7f3d-34e2-4e2f-8fe0-160da125fda4",
    "invitation": {
        "@type": "https://didcomm.org/out-of-band/1.1/invitation",
        "@id": "9840355a-3f2b-4453-949e-a5e1d0866aa7",
        "label": "Invitation to Barry",
        "handshake_protocols": [
            "https://didcomm.org/didexchange/1.0",
            "https://didcomm.org/connections/1.0"
        ],
        "accept": [
            "didcomm/aip1",
            "didcomm/aip2;env=rfc19"
        ],
        "services": [
            {
                "id": "#inline",
                "type": "did-communication",
                "recipientKeys": [
                    "did:key:z6MkjWpUbVaJRrfTjB6pLJRBpCRBbFmHS5xdnRUCT7JU1Wes"
                ],
                "serviceEndpoint": "https://traction-acapy-dev.apps.silver.devops.gov.bc.ca"
            }
        ],
        "goal_code": "issue-vc",
        "goal": "To issue a Faber College Graduate credential"
    },
    "invitation_url": "https://traction-acapy-dev.apps.silver.devops.gov.bc.ca?oob=eyJAdHlwZSI6ICJodHRwczovL2RpZGNvbW0ub3JnL291dC1vZi1iYW5kLzEuMS9pbnZpdGF0aW9uIiwgIkBpZCI6ICI5ODQwMzU1YS0zZjJiLTQ0NTMtOTQ5ZS1hNWUxZDA4NjZhYTciLCAibGFiZWwiOiAiSW52aXRhdGlvbiB0byBCYXJyeSIsICJoYW5kc2hha2VfcHJvdG9jb2xzIjogWyJodHRwczovL2RpZGNvbW0ub3JnL2RpZGV4Y2hhbmdlLzEuMCIsICJodHRwczovL2RpZGNvbW0ub3JnL2Nvbm5lY3Rpb25zLzEuMCJdLCAiYWNjZXB0IjogWyJkaWRjb21tL2FpcDEiLCAiZGlkY29tbS9haXAyO2Vudj1yZmMxOSJdLCAic2VydmljZXMiOiBbeyJpZCI6ICIjaW5saW5lIiwgInR5cGUiOiAiZGlkLWNvbW11bmljYXRpb24iLCAicmVjaXBpZW50S2V5cyI6IFsiZGlkOmtleTp6Nk1raldwVWJWYUpScmZUakI2cExKUkJwQ1JCYkZtSFM1eGRuUlVDVDdKVTFXZXMiXSwgInNlcnZpY2VFbmRwb2ludCI6ICJodHRwczovL3RyYWN0aW9uLWFjYXB5LWRldi5hcHBzLnNpbHZlci5kZXZvcHMuZ292LmJjLmNhIn1dfQ=="
}

However that invitation URL block when decoded does not include the goal information:

{
    "@id": "9840355a-3f2b-4453-949e-a5e1d0866aa7",
    "@type": "https://didcomm.org/out-of-band/1.1/invitation",
    "accept": [
        "didcomm/aip1",
        "didcomm/aip2;env=rfc19"
    ],
    "handshake_protocols": [
        "https://didcomm.org/didexchange/1.0",
        "https://didcomm.org/connections/1.0"
    ],
    "label": "Invitation to Barry",
    "services": [
        {
            "id": "#inline",
            "recipientKeys": [
                "did:key:z6MkjWpUbVaJRrfTjB6pLJRBpCRBbFmHS5xdnRUCT7JU1Wes"
            ],
            "serviceEndpoint": "https://traction-acapy-dev.apps.silver.devops.gov.bc.ca",
            "type": "did-communication"
        }
    ]
}
@andrewwhitehead
Copy link
Contributor

One issue I notice is that the OOB Manager is only setting the goal and goal code properties if BOTH are provided: https://github.com/hyperledger/aries-cloudagent-python/blob/37c4bc27d3c38b9843d696213d096b3fd4762dc2/aries_cloudagent/protocols/out_of_band/v1_0/manager.py#L366

@swcurran
Copy link
Contributor

swcurran commented Nov 1, 2023

Wondered if that might be it when I saw @wadeking98 ’s example. In that, he had provided a value for the code, but the goal was blank (“”). Interesting.

However, the example above shows both fields populated, and both missing from the invitation_url value.

@usingtechnology usingtechnology self-assigned this Nov 1, 2023
@andrewwhitehead
Copy link
Contributor

andrewwhitehead commented Nov 2, 2023

One line before the line that I linked, it encodes the invitation as a URL, prior to assigning the goal and goal_code properties. :)

@loneil
Copy link
Contributor Author

loneil commented Nov 3, 2023

@swcurran re: Andrew's comment here #2583 (comment)
Is that intended behaviour? So you must provide a goal and goal code? The API doesn't 422 in this case. So if I provide JUST one of those then I get an OOB invitation, but the one I do provide is missing.
Caller could be confused that they're missing data maybe in this case?

If intended I'll validate for that on the Tenant UI at least.

image

My thought is it could 422 the request if you don't provide those together rather than return a success with the missing field not in the response.

I can create another ticket if this is something to track

@usingtechnology
Copy link
Contributor

maybe we should ask wade king and bc wallet team. we could 422 if only one of goal/goal_code provided, or we would just populate whatever fields are provided. the logic that both fields were required in order to add them must mean something... but it doesn't seem like anyone has a use case until now, so doubtful that only having a goal_code will break any existing processing. anyway, very easy to make any of those changes.

@usingtechnology
Copy link
Contributor

i don't think you want to depend on the tenant-ui for protection, so whatever is deemed the appropriate behaviour, let's put it in ACA-Py

@loneil
Copy link
Contributor Author

loneil commented Nov 3, 2023

Yeah just from a pure REST standpoint, regardless of business-needs, it maybe(?) smells to me that I can POST something and get a successful response that is meant to include the request fields in the resource, but is missing one of the fields.

@loneil
Copy link
Contributor Author

loneil commented Nov 3, 2023

Added this for any future tracking if needed. #2594

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants