New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Auth] Move interaction routes to a different port #2649
Comments
Isn't problematic only accept/reject route? These two are most problematic in my view. For example, if Rafiki Auth is exposed, then on the checkout of Rafiki Boutique, I can use probably any payment pointer I want. Because for accepting grant, I only need interaction and nonce. For Just a food for thought :) |
@sabineschaller on the link that you provided (https://openpayments.dev/apis/auth-server/), I cannot see any routes. I can take this ticket if we specify what routes should be exposed and what not. Suggestion: |
Accept and reject interaction choices should not be exposed. but other routes can and must be exposed. This is why we need to move the choice routes to different port BREAKING CHANGE: Routes for accepting and rejecting choice are no longer exposed. Ideally, this must be done through ASE backend service that checks for authentication / authorization #2649
Accept and reject interaction choices should not be exposed. but other routes can and must be exposed. This is why we need to move the choice routes to different port BREAKING CHANGE: Routes for accepting and rejecting choice are no longer exposed. Ideally, this must be done through ASE backend service that checks for authentication / authorization #2649
Context
The auth package currently has the GNAP routes and the interaction routes on the same port. The GNAP routes need to be exposed to the world while the interaction routes do not. Hence, we'd like to move the interaction routes to their own port.
To clarify:
Todos
The text was updated successfully, but these errors were encountered: