CAMARA Guidelines: Phone number identification with 3Legs #51

Closed
FabrizioMoggio opened this issue Jul 4, 2024 · 6 comments

@FabrizioMoggio
Collaborator

Problem description
CAMARA Guidelines specify that the phone number is obtained from the access token:
https://github.com/camaraproject/Commonalities/blob/main/documentation/API-design-guidelines.md#appendix-a-infodescription-template-for-device-identification-from-access-token

and, if it is provided in the API invocation anyway, a check must be done.

Expected behavior
Get the MSISDN from the access token

Alternative solution
Still use PhoneNumber as an input parameter and return error 403 (INVALID_TOKEN_CONTEXT) if it is not equal to the value from the access token

Additional context
camaraproject/Commonalities#233
camaraproject/SimSwap#117

@FabrizioMoggio
Collaborator Author

I propose to go for the "Alternative solution":

"still use PhoneNumber as an input parameter and return error 403 (INVALID_TOKEN_CONTEXT) if it is not equal to the value from the access token"

It is easier for the Developer to understand the flow in my opinion.
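
The check proposed in the comment above, written out as an added example; it is not part of the issue thread or of the CAMARA project's code. The `phone_number` key of the token context, the function names, the E.164 pattern and the sample numbers are assumptions made for illustration.

```python
import re

# E.164 shape assumed for this example: "+" followed by 5 to 15 digits.
E164 = re.compile(r"^\+[1-9][0-9]{4,14}$")


def normalize(msisdn):
    """Strip common separators; return the E.164 string or None if malformed."""
    if not isinstance(msisdn, str):
        return None
    compact = re.sub(r"[\s\-().]", "", msisdn)
    return compact if E164.match(compact) else None


def resolve_phone_number(token_ctx, body):
    """Decide which subscriber a request acts on.

    token_ctx: data the server bound to the 3-legged access token
               (hypothetical dict; "phone_number" is an assumed key).
    body:      parsed request body, where phoneNumber may be absent.
    Returns (http_status, payload).
    """
    token_number = normalize(token_ctx.get("phone_number"))
    if token_number is None:
        # The thread concludes the number is always in the token, so this
        # is a server-side fault, not something the caller can fix.
        raise ValueError("token context carries no usable phone number")

    supplied = body.get("phoneNumber")
    if supplied is None:
        return 200, {"phoneNumber": token_number}

    # A malformed value can never equal the token's number, so it is
    # rejected the same way as a well-formed number of another subscriber.
    if normalize(supplied) != token_number:
        return 403, {"status": 403, "code": "INVALID_TOKEN_CONTEXT",
                     "message": "phoneNumber does not match the access token"}
    return 200, {"phoneNumber": token_number}


if __name__ == "__main__":
    ctx = {"phone_number": "+393331234567"}  # constructed sample
    for body in ({}, {"phoneNumber": "+39 333 1234567"},
                 {"phoneNumber": "+393339999999"}, {"phoneNumber": "3331234567"}):
        print(body, "->", resolve_phone_number(ctx, body))
```

On success the function returns the number taken from the token rather than the caller-supplied string, so downstream processing never acts on request input for subscriber identity.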

@FabrizioMoggio
Collaborator Author

With a reference to: https://github.com/camaraproject/IdentityAndConsentManagement/blob/main/documentation/CAMARA-Security-Interoperability.md#oidc-authorization-code-flow

In my understanding, for the CFS API, we use CIBA and the API Consumer should use: "tel" in the "login_hint".

This is not documented in our API. I propose to add this topic in the info.description along with a description of the whole process as defined here: https://github.com/camaraproject/Commonalities/blob/main/documentation/API-design-guidelines.md#appendix-a-infodescription-template-for-device-identification-from-access-token

FabrizioMoggio added a commit to FabrizioMoggio/CallForwardingSignal that referenced this issue Jul 15, 2024
- Phone number identification with 3Legs, according to: camaraproject#51
FabrizioMoggio added a commit to FabrizioMoggio/CallForwardingSignal that referenced this issue Jul 15, 2024
according to: camaraproject#51

and supporting last commit on : camaraproject#48
@FabrizioMoggio
Collaborator Author

FabrizioMoggio commented Jul 16, 2024

In the current PR for the test cases I have considered the phone number in the access token as optional, but I have a doubt about this interpretation of mine, so I opened this discussion in Commonalities:

camaraproject/Commonalities#248

@FabrizioMoggio
Collaborator Author

According to camaraproject/Commonalities#248

the phone number is always in the access token: the test cases must be updated accordingly

@FabrizioMoggio
Collaborator Author

Implemented with in rel 0.2.0 wip: #48

FabrizioMoggio added a commit to FabrizioMoggio/CallForwardingSignal that referenced this issue Jul 18, 2024
@FabrizioMoggio
Collaborator Author

FabrizioMoggio commented Jul 18, 2024

login_hint mandatory - fixed with PR: #54
