From 455080c8ea78ac62cedf4319625a5e8ed7373286 Mon Sep 17 00:00:00 2001 From: Ludovic Robert <30499179+bigludo7@users.noreply.github.com> Date: Wed, 18 Dec 2024 14:55:23 +0100 Subject: [PATCH 1/2] Align location-retrieval.yaml comm 0.5 for Error Align location-retrieval.yaml comm 0.5 for Error --- code/API_definitions/location-retrieval.yaml | 230 ++++++++++--------- 1 file changed, 127 insertions(+), 103 deletions(-) diff --git a/code/API_definitions/location-retrieval.yaml b/code/API_definitions/location-retrieval.yaml index 22f89578..c0dec1eb 100644 --- a/code/API_definitions/location-retrieval.yaml +++ b/code/API_definitions/location-retrieval.yaml @@ -60,29 +60,19 @@ info: It is important to remark that in cases where personal user data is processed by the API, and users can exercise their rights through mechanisms such as opt-in and/or opt-out, the use of 3-legged access tokens becomes mandatory. This measure ensures that the API remains in strict compliance with user privacy preferences and regulatory obligations, upholding the principles of transparency and user-centric data control. - # Identifying a device from the access token + # Identifying the device from the access token - This specification defines the `device` object field as optional in API requests, specifically in cases where the API is accessed using a 3-legged access token, and the device can be uniquely identified by the token. This approach simplifies API usage for API consumers by relying on the device information associated with the access token used to invoke the API. + This API requires the API consumer to identify a device as the subject of the API as follows: + - When the API is invoked using a two-legged access token, the subject will be identified from the optional `device` object, which therefore MUST be provided. + - When a three-legged access token is used however, this optional identifier MUST NOT be provided, as the subject will be uniquely identified from the access token. - ## Handling of device information: + This approach simplifies API usage for API consumers using a three-legged access token to invoke the API by relying on the information that is associated with the access token and was identified during the authentication process. - ### Optional device object for 3-legged tokens: + ## Error handling: - - When using a 3-legged access token, the device associated with the access token must be considered as the device for the API request. This means that the device object is not required in the request, and if included it must identify the same device, therefore **it is recommended NOT to include it in these scenarios** to simplify the API usage and avoid additional validations. + - If the subject cannot be identified from the access token and the optional `device` object is not included in the request, then the server will return an error with the `422 MISSING_IDENTIFIER` error code. - ### Validation mechanism: - - - The server will extract the device identification from the access token, if available. - - If the API request additionally includes a `device` object when using a 3-legged access token, the API will validate that the device identifier provided matches the one associated with the access token. - - If there is a mismatch, the API will respond with a 403 - INVALID_TOKEN_CONTEXT error, indicating that the device information in the request does not match the token. - - ### Error handling for unidentifiable devices: - - - If the `device` object is not included in the request and the device information cannot be derived from the 3-legged access token, the server will return a 422 `UNIDENTIFIABLE_DEVICE` error. - - ### Restrictions for tokens without an associated authenticated identifier: - - - For scenarios which do not have a single device identifier associated to the token during the authentication flow, e.g. 2-legged access tokens, the `device` object MUST be provided in the API request. This ensures that the device identification is explicit and valid for each API call made with these tokens. + - If the subject can be identified from the access token and the optional `device` object is also included in the request, then the server will return an error with the `422 UNNECESSARY_IDENTIFIER` error code. This will be the case even if the same device is identified by these two methods, as the server is unable to make this comparison. # Further info and support @@ -91,7 +81,7 @@ info: license: name: Apache 2.0 url: https://www.apache.org/licenses/LICENSE-2.0.html - x-camara-commonalities: 0.4.0 + x-camara-commonalities: 0.5.0 externalDocs: description: Project documentation at Camara url: https://github.com/camaraproject/DeviceLocation @@ -167,10 +157,8 @@ paths: $ref: '#/components/responses/RetrieveLocationNotFound404' '422': $ref: '#/components/responses/RetrieveLocationUnprocessableEntity422' - '500': - $ref: '#/components/responses/Generic500' - '503': - $ref: '#/components/responses/Generic503' + '429': + $ref: '#/components/responses/Generic429' security: - openId: - location-retrieval:read @@ -412,23 +400,33 @@ components: content: application/json: schema: - $ref: "#/components/schemas/ErrorInfo" + allOf: + - $ref: "#/components/schemas/ErrorInfo" + - type: object + properties: + status: + enum: + - 400 + code: + enum: + - INVALID_ARGUMENT + - OUT_OF_RANGE + - LOCATION_RETRIEVAL.MAXAGE_INVALID_ARGUMENT examples: GENERIC_400_INVALID_ARGUMENT: - summary: Generic Invalid Argument description: Invalid Argument. Generic Syntax Exception value: status: 400 code: INVALID_ARGUMENT message: Client specified an invalid argument, request body or query param. GENERIC_400_OUT_OF_RANGE: - summary: Generic Out of Range description: Out of Range. Specific Syntax Exception used when a given field has a pre-defined range or a invalid filter criteria combination is requested value: status: 400 code: OUT_OF_RANGE message: Client specified an invalid range. GENERIC_400_MAX_AGE_NOT_SATISFIABLE: + description: maxAge required in the request cannot be satisfied. Specific error for this API value: status: 400 code: LOCATION_RETRIEVAL.MAXAGE_INVALID_ARGUMENT @@ -441,23 +439,30 @@ components: content: application/json: schema: - $ref: "#/components/schemas/ErrorInfo" + allOf: + - $ref: "#/components/schemas/ErrorInfo" + - type: object + properties: + status: + enum: + - 401 + code: + enum: + - UNAUTHENTICATED + - AUTHENTICATION_REQUIRED examples: GENERIC_401_UNAUTHENTICATED: - summary: Generic Unauthenticated description: Request cannot be authenticated value: status: 401 code: UNAUTHENTICATED message: Request not authenticated due to missing, invalid, or expired credentials. GENERIC_401_AUTHENTICATION_REQUIRED: - summary: Generic Authentication Required description: New authentication is needed, authentication is no longer valid value: status: 401 code: AUTHENTICATION_REQUIRED message: New authentication is required. - Generic403: description: Forbidden headers: @@ -466,23 +471,30 @@ components: content: application/json: schema: - $ref: "#/components/schemas/ErrorInfo" + allOf: + - $ref: "#/components/schemas/ErrorInfo" + - type: object + properties: + status: + enum: + - 403 + code: + enum: + - PERMISSION_DENIED + - INVALID_TOKEN_CONTEXT examples: GENERIC_403_PERMISSION_DENIED: - summary: Generic Permission Denied description: Permission denied. OAuth2 token access does not have the required scope or when the user fails operational security value: status: 403 code: PERMISSION_DENIED message: Client does not have sufficient permissions to perform this action. GENERIC_403_INVALID_TOKEN_CONTEXT: - summary: Invalid access token context - description: Reflects some inconsistency between information in some field of the API and the related OAuth2 Token + description: Reflect some inconsistency between information in some field of the API and the related OAuth2 Token value: status: 403 code: INVALID_TOKEN_CONTEXT message: "{{field}} is not consistent with access token." - RetrieveLocationNotFound404: description: Not found headers: @@ -491,111 +503,123 @@ components: content: application/json: schema: - $ref: '#/components/schemas/ErrorInfo' + allOf: + - $ref: "#/components/schemas/ErrorInfo" + - type: object + properties: + status: + enum: + - 404 + code: + enum: + - LOCATION_RETRIEVAL.DEVICE_NOT_FOUND + - IDENTIFIER_NOT_FOUND examples: - LOCATION_RETRIEVAL_404_UNABLE_TO_LOCATE_DEVICE: - summary: The location server is not able to locate the device + LOCATION_RETRIEVAL_404_DEVICE_NOT_FOUND: description: The location server is not able to locate the device value: status: 404 code: LOCATION_RETRIEVAL.DEVICE_NOT_FOUND message: 'The location server is not able to locate the mobile' - GENERIC_404_DEVICE_NOT_FOUND: - summary: Some identifier cannot be matched to a device - description: One or more of the provided device identifiers do not match any device + GENERIC_404_IDENTIFIER_NOT_FOUND: + description: Some identifier cannot be matched to a device value: status: 404 - code: DEVICE_NOT_FOUND - message: "No device found for a provided identifier" - + code: IDENTIFIER_NOT_FOUND + message: Device identifier not found. RetrieveLocationUnprocessableEntity422: - description: Unprocessable Entity + description: Unprocessable Content headers: x-correlator: $ref: '#/components/headers/x-correlator' content: application/json: schema: - $ref: '#/components/schemas/ErrorInfo' + allOf: + - $ref: "#/components/schemas/ErrorInfo" + - type: object + properties: + status: + enum: + - 422 + code: + enum: + - IDENTIFIER_MISMATCH + - SERVICE_NOT_APPLICABLE + - MISSING_IDENTIFIER + - UNSUPPORTED_IDENTIFIER + - UNNECESSARY_IDENTIFIER + - LOCATION_RETRIEVAL.UNABLE_TO_FULFILL_MAX_AGE examples: - LOCATION_RETRIEVAL_422_UNABLE_TO_FULFILL_MAX_AGE: - summary: Unable to provide expected freshness - description: Unable to provide expected freshness for location retrieval request + GENERIC_422_IDENTIFIER_MISMATCH: + description: Inconsistency between identifiers not pointing to the same device value: status: 422 - code: LOCATION_RETRIEVAL.UNABLE_TO_FULFILL_MAX_AGE - message: "Unable to provide expected freshness for location" - GENERIC_422_UNPROCESSABLE_ENTITY: - summary: Unprocessable entity - description: The request was well-formed but was unable to be processed due to semantic errors or not applicable values. This is the generic error code for 422 responses. + code: IDENTIFIER_MISMATCH + message: Provided identifiers are not consistent. + GENERIC_422_SERVICE_NOT_APPLICABLE: + description: Service not applicable for the provided identifier value: status: 422 - code: UNPROCESSABLE_ENTITY - message: "Value not acceptable: ..." - GENERIC_422_DEVICE_NOT_APPLICABLE: - summary: Service not applicable to the device - description: The provided device is not compatible with the requested operation, according to the service provider rules. + code: SERVICE_NOT_APPLICABLE + message: The service is not available for the provided identifier. + GENERIC_422_MISSING_IDENTIFIER: + description: An identifier is not included in the request and the device or phone number identification cannot be derived from the 3-legged access token value: status: 422 - code: DEVICE_NOT_APPLICABLE - message: "The device is not applicable for the requested operation" - GENERIC_422_DEVICE_IDENTIFIERS_MISMATCH: - summary: Device identifiers mismatch - description: Several device identifiers are provided but do not match the same device + code: MISSING_IDENTIFIER + message: The device cannot be identified. + GENERIC_422_UNSUPPORTED_IDENTIFIER: + description: None of the provided identifiers is supported by the implementation value: status: 422 - code: DEVICE_IDENTIFIERS_MISMATCH - message: "The provided device identifiers do not match the same device" - GENERIC_422_UNSUPPORTED_DEVICE_IDENTIFIERS: - summary: None of the provided device identifiers is supported by the implementation - description: Message may list the supported device identifiers + code: UNSUPPORTED_IDENTIFIER + message: The identifier provided is not supported. + GENERIC_422_UNNECESSARY_IDENTIFIER: + description: An explicit identifier is provided when a device or phone number has already been identified from the access token value: status: 422 - code: UNSUPPORTED_DEVICE_IDENTIFIERS - message: "Supported device identifiers are: ..." - GENERIC_422_UNIDENTIFIABLE_DEVICE: - summary: No identifier provided - description: No device identifier provided for the device to be located + code: UNNECESSARY_IDENTIFIER + message: The device is already identified by the access token. + LOCATION_RETRIEVAL_422_UNABLE_TO_FULFILL_MAX_AGE: + summary: Unable to fulfill maxAge + description: The system is not able to provide the fresh location required by the client value: status: 422 - code: UNIDENTIFIABLE_DEVICE - message: "A device must be provided" - Generic500: - description: Internal server error + code: LOCATION_RETRIEVAL.UNABLE_TO_FULFILL_MAX_AGE + message: "Unable to provide expected freshness for location" + Generic429: + description: Too Many Requests headers: x-correlator: $ref: "#/components/headers/x-correlator" content: application/json: schema: - $ref: "#/components/schemas/ErrorInfo" + allOf: + - $ref: "#/components/schemas/ErrorInfo" + - type: object + properties: + status: + enum: + - 429 + code: + enum: + - QUOTA_EXCEEDED + - TOO_MANY_REQUESTS examples: - GENERIC_500_INTERNAL: - summary: Generic Internal - description: Problem in Server side. Regular Server Exception + GENERIC_429_QUOTA_EXCEEDED: + description: Request is rejected due to exceeding a business quota limit value: - status: 500 - code: INTERNAL - message: "Internal server error" - - Generic503: - description: Service Unavailable - headers: - x-correlator: - $ref: "#/components/headers/x-correlator" - content: - application/json: - schema: - $ref: "#/components/schemas/ErrorInfo" - examples: - GENERIC_503_UNAVAILABLE: - summary: Generic Unavailable - description: Service is not available. Temporary situation usually related to maintenance process in the server side + status: 429 + code: QUOTA_EXCEEDED + message: Either out of resource quota or reaching rate limiting. + GENERIC_429_TOO_MANY_REQUESTS: + description: API Server request limit is overpassed value: - status: 503 - code: UNAVAILABLE - message: Service Unavailable. - + status: 429 + code: TOO_MANY_REQUESTS + message: Either out of resource quota or reaching rate limiting. examples: RETRIEVAL_CIRCLE: summary: circle-based device location retrieval From 8327a2aa45d45b8ce74f5a910e81cd765f8ccdd5 Mon Sep 17 00:00:00 2001 From: Ludovic Robert <30499179+bigludo7@users.noreply.github.com> Date: Wed, 18 Dec 2024 14:59:49 +0100 Subject: [PATCH 2/2] Align error code with comm.0.5 Align error code with comm.0.5 --- code/Test_definitions/location-retrieval.feature | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/code/Test_definitions/location-retrieval.feature b/code/Test_definitions/location-retrieval.feature index f99d8399..4edd8d13 100644 --- a/code/Test_definitions/location-retrieval.feature +++ b/code/Test_definitions/location-retrieval.feature @@ -140,7 +140,7 @@ Feature: CAMARA Device location retrieval API, v0.3.0 - Operation retrieveLocati When the HTTP "POST" request is sent Then the response status code is 422 And the response property "$.status" is 422 - And the response property "$.code" is "UNSUPPORTED_DEVICE_IDENTIFIERS" + And the response property "$.code" is "UNSUPPORTED_IDENTIFIERS" And the response property "$.message" contains a user friendly text @location_retrieval_13_device_not_found @@ -149,7 +149,7 @@ Feature: CAMARA Device location retrieval API, v0.3.0 - Operation retrieveLocati When the HTTP "POST" request is sent Then the response status code is 404 And the response property "$.status" is 404 - And the response property "$.code" is "DEVICE_NOT_FOUND" + And the response property "$.code" is "IDENTIFIER_NOT_FOUND" And the response property "$.message" contains a user friendly text @location_retrieval_14_device_identifiers_mismatch @@ -160,7 +160,7 @@ Feature: CAMARA Device location retrieval API, v0.3.0 - Operation retrieveLocati When the HTTP "POST" request is sent Then the response status code is 422 And the response property "$.status" is 422 - And the response property "$.code" is "DEVICE_IDENTIFIERS_MISMATCH" + And the response property "$.code" is "IDENTIFIER_MISMATCH" And the response property "$.message" contains a user friendly text @location_retrieval_15_device_token_mismatch @@ -181,7 +181,7 @@ Feature: CAMARA Device location retrieval API, v0.3.0 - Operation retrieveLocati When the HTTP "POST" request is sent Then the response status code is 422 And the response property "$.status" is 422 - And the response property "$.code" is "DEVICE_NOT_APPLICABLE" + And the response property "$.code" is "SERVICE_NOT_APPLICABLE" And the response property "$.message" contains a user friendly text # Generic 400 errors