chore!: removed 'updatedAt' from incoming and outgoing payments responses from OP (#3429)

* Removed updatedAt from incoming and outgoing payments responses from OP

* Removed 'updatedAt' from test-lib 'createReceiver', updated OP version for auth, test-lib and integration packages

* Updated pnpm-lock

* Updated bruno requests

* Removed 'updatedAt' from webhook.yaml

* feat: either receiveAmount or debitAmount allowed for outgoing payment limits (#3449)

* Set limits to have either receive or debit amount

* Updated auth limits and bruno request

* Added the case when both types of amount are missing

* Updated mock ASE consent screen, renamed error, added check in auth for both types of amount

* Added error enum for access, added tests and updated types

* Added error mapping for grants, updated tests

* Format fixes and ignored eslint error

* Updated createGrant function for testing

* Forgot to rollback transaction when error will be thrown

* Simplified access error handling

* Removed unnecessary assert and changed error code

* Fixed mock consent screen so it will support having either receive or debit amount

* Updated consent messages

* Updated mock ASE consent screen to handle all limit amount cases

* Updated token-introspection OP version to 7.0.0, and removed updatedAt from outgoing payments webhooks schema

Author: oana-lolea

bruno/collections/Rafiki/Examples/Admin API - only locally/Peer-to-Peer Cross Currency Payment/Create Receiver (remote Incoming Payment).bru

@@ -30,7 +30,6 @@ body:graphql {
           assetScale
           value
         }
-        updatedAt
       }
     }
   }
@@ -65,7 +64,7 @@ script:pre-request {
 
 script:post-response {
   const body = res.getBody();
-
+  
   if (body?.data) {
     bru.setEnvVar("receiverId", body.data.createReceiver.receiver.id);
   }

bruno/collections/Rafiki/Examples/Admin API - only locally/Peer-to-Peer Local Payment/Create Receiver -local Incoming Payment-.bru

@@ -30,7 +30,6 @@ body:graphql {
           assetScale
           value
         }
-        updatedAt
       }
     }
   }

bruno/collections/Rafiki/Examples/Admin API - only locally/Peer-to-Peer Payment/Create Receiver -remote Incoming Payment-.bru

@@ -30,7 +30,6 @@ body:graphql {
           assetScale
           value
         }
-        updatedAt
       }
     }
   }
@@ -60,7 +59,7 @@ script:pre-request {
 
 script:post-response {
   const body = res.getBody();
-
+  
   if (body?.data) {
     bru.setEnvVar("receiverId", body.data.createReceiver.receiver.id);
   }

bruno/collections/Rafiki/Examples/Open Payments/Grant Request Outgoing Payment.bru

@@ -21,8 +21,7 @@ body:json {
                   ],
                   "identifier": "{{senderWalletAddress}}",
                   "limits": {
-                      "debitAmount": {{quoteDebitAmount}},
-                      "receiveAmount": {{quoteReceiveAmount}}
+                      "debitAmount": {{quoteDebitAmount}}
                   }
               }
           ]

bruno/collections/Rafiki/Examples/Web Monetization/Grant Request Outgoing Payment.bru

@@ -21,8 +21,7 @@ body:json {
                   ],
                   "identifier": "{{senderWalletAddress}}",
                   "limits": {
-                      "debitAmount": {{quoteDebitAmount}},
-                      "receiveAmount": {{quoteReceiveAmount}}
+                      "debitAmount": {{quoteDebitAmount}}
                   }
               }
           ]

bruno/collections/Rafiki/Open Payments Auth APIs/Grants/Grant Request.bru

@@ -31,11 +31,6 @@ body:json {
                           "value": "8000",
                           "assetCode": "USD",
                           "assetScale": 2
-                      },
-                      "receiveAmount": {
-                          "value": "8000",
-                          "assetCode": "USD",
-                          "assetScale": 2
                       }
                   }
               }

bruno/collections/Rafiki/Rafiki Admin APIs/Create Receiver (remote Incoming Payment).bru

@@ -30,7 +30,6 @@ body:graphql {
           assetScale
           value
         }
-        updatedAt
       }
     }
   }

bruno/collections/Rafiki/Rafiki Admin APIs/Get Receiver (remote Incoming Payment).bru

@@ -29,7 +29,6 @@ body:graphql {
               value
           }
           createdAt
-          updatedAt
       }
   }
 }

localenv/mock-account-servicing-entity/app/routes/mock-idp._index.tsx

@@ -30,6 +30,12 @@ interface GrantAmount {
   currencyDisplayCode: string
 }
 
+export enum AmountType {
+  DEBIT = 'debit',
+  RECEIVE = 'receive',
+  UNLIMITED = 'unlimited'
+}
+
 export function loader() {
   return json({ defaultIdpSecret: CONFIG.idpSecret })
 }
@@ -45,8 +51,8 @@ function ConsentScreenBody({
 }: {
   _thirdPartyUri: string
   thirdPartyName: string
-  price: GrantAmount
-  costToUser: GrantAmount
+  price: GrantAmount | null
+  costToUser: GrantAmount | null
   interactId: string
   nonce: string
   returnUrl: string
@@ -80,6 +86,15 @@ function ConsentScreenBody({
             )}
           </div>
         </div>
+        <div className='row mt-2'>
+          <div className='col-12'>
+            {!price && !costToUser && (
+              <p>
+                {thirdPartyName} is requesting grant for an unlimited amount
+              </p>
+            )}
+          </div>
+        </div>
         <div className='row mt-2'>
           <div className='col-12'>Do you consent?</div>
         </div>
@@ -297,21 +312,29 @@ export default function ConsentScreen({ idpSecretParam }: ConsentScreenProps) {
             )
             returnUrlObject.searchParams.append(
               'currencyDisplayCode',
-              outgoingPaymentAccess && outgoingPaymentAccess.limits
-                ? outgoingPaymentAccess.limits.debitAmount.assetCode
-                : null
+              outgoingPaymentAccess?.limits?.debitAmount?.assetCode ??
+                outgoingPaymentAccess?.limits?.receiveAmount?.assetCode ??
+                null
             )
             returnUrlObject.searchParams.append(
-              'sendAmountValue',
-              outgoingPaymentAccess && outgoingPaymentAccess.limits
-                ? outgoingPaymentAccess.limits.debitAmount.value
-                : null
+              'amountValue',
+              outgoingPaymentAccess?.limits?.debitAmount?.value ??
+                outgoingPaymentAccess?.limits?.receiveAmount?.value ??
+                null
             )
             returnUrlObject.searchParams.append(
-              'sendAmountScale',
-              outgoingPaymentAccess && outgoingPaymentAccess.limits
-                ? outgoingPaymentAccess.limits.debitAmount.assetScale
-                : null
+              'amountScale',
+              outgoingPaymentAccess?.limits?.debitAmount?.assetScale ??
+                outgoingPaymentAccess?.limits?.receiveAmount?.assetScale ??
+                null
+            )
+            returnUrlObject.searchParams.append(
+              'amountType',
+              outgoingPaymentAccess?.limits?.receiveAmount
+                ? AmountType.RECEIVE
+                : outgoingPaymentAccess?.limits?.debitAmount
+                  ? AmountType.DEBIT
+                  : AmountType.UNLIMITED
             )
             setCtx({
               ...ctx,
@@ -337,33 +360,43 @@ export default function ConsentScreen({ idpSecretParam }: ConsentScreenProps) {
       ctx.errors.length === 0 &&
       ctx.ready &&
       ctx.outgoingPaymentAccess &&
-      (!ctx.price || !ctx.costToUser)
+      !ctx.price &&
+      !ctx.costToUser
     ) {
-      if (
-        ctx.outgoingPaymentAccess.limits &&
-        ctx.outgoingPaymentAccess.limits.debitAmount &&
-        ctx.outgoingPaymentAccess.limits.receiveAmount
-      ) {
-        const { receiveAmount, debitAmount } = ctx.outgoingPaymentAccess.limits
-        setCtx({
-          ...ctx,
-          price: {
-            amount:
-              Number(receiveAmount.value) /
-              Math.pow(10, receiveAmount.assetScale),
-            currencyDisplayCode: receiveAmount.assetCode
-          },
-          costToUser: {
-            amount:
-              Number(debitAmount.value) / Math.pow(10, debitAmount.assetScale),
-            currencyDisplayCode: debitAmount.assetCode
-          }
-        })
-      } else {
-        setCtx({
-          ...ctx,
-          errors: [new Error('missing or incomplete outgoing payment access')]
-        })
+      if (ctx.outgoingPaymentAccess.limits) {
+        if (
+          ctx.outgoingPaymentAccess.limits.debitAmount &&
+          ctx.outgoingPaymentAccess.limits.receiveAmount
+        ) {
+          setCtx({
+            ...ctx,
+            errors: [
+              new Error('only one of receiveAmount or debitAmount allowed')
+            ]
+          })
+        } else {
+          const { receiveAmount, debitAmount } =
+            ctx.outgoingPaymentAccess.limits
+          setCtx({
+            ...ctx,
+            ...(receiveAmount && {
+              price: {
+                amount:
+                  Number(receiveAmount.value) /
+                  Math.pow(10, receiveAmount.assetScale),
+                currencyDisplayCode: receiveAmount.assetCode
+              }
+            }),
+            ...(debitAmount && {
+              costToUser: {
+                amount:
+                  Number(debitAmount.value) /
+                  Math.pow(10, debitAmount.assetScale),
+                currencyDisplayCode: debitAmount.assetCode
+              }
+            })
+          })
+        }
       }
     }
   }, [ctx, setCtx])
@@ -379,7 +412,7 @@ export default function ConsentScreen({ idpSecretParam }: ConsentScreenProps) {
         </div>
         {ctx.ready ? (
           <>
-            {ctx.errors.length > 0 || !ctx.price || !ctx.costToUser ? (
+            {ctx.errors.length > 0 ? (
               <>
                 <h2 className='display-6'>Failed</h2>
                 <ul>

localenv/mock-account-servicing-entity/app/routes/mock-idp.consent.tsx

@@ -10,6 +10,7 @@ import { CONFIG as config } from '~/lib/parse_config.server'
 import { Button } from '~/components'
 import { CheckCircleSolid, XCircle } from '~/components/icons'
 import { InstanceConfig } from '~/lib/types'
+import { AmountType } from './mock-idp._index'
 
 export function loader() {
   return json({
@@ -24,26 +25,39 @@ function AuthorizedView({
   amount,
   interactId,
   nonce,
-  authServerDomain
+  authServerDomain,
+  amountType
 }: {
   thirdPartyName: string
   currencyDisplayCode: string
   amount: number
   interactId: string
   nonce: string
   authServerDomain: string
+  amountType: string
 }) {
+  let message = `You gave ${thirdPartyName} permission to `
+  switch (amountType) {
+    case AmountType.RECEIVE:
+      message += `receive ${currencyDisplayCode} ${amount.toFixed(2)} in your account.`
+      break
+    case AmountType.DEBIT:
+      message += `send ${currencyDisplayCode} ${amount.toFixed(2)} out of your account.`
+      break
+    case AmountType.UNLIMITED:
+      message += 'have unlimited access to your account.'
+      break
+    default:
+      message = 'Type of authorization is missing'
+  }
   return (
     <div className='bg-white rounded-md p-8 px-16'>
       <div className='row mt-2 flex flex-row items-center justify-around'>
         <div>
           <CheckCircleSolid className='w-16 h-16 text-green-400 flex-shrink-0 mr-6' />
         </div>
         <div>
-          <p>
-            You gave {thirdPartyName} permission to send {currencyDisplayCode}{' '}
-            {amount.toFixed(2)} out of your account.
-          </p>
+          <p>{message}</p>
         </div>
       </div>
       <div className='row mt-2'>
@@ -114,8 +128,9 @@ export default function Consent() {
     thirdPartyUri: queryParams.get('thirdPartyUri'),
     currencyDisplayCode: queryParams.get('currencyDisplayCode'),
     amount:
-      Number(queryParams.get('sendAmountValue')) /
-      Math.pow(10, Number(queryParams.get('sendAmountScale')))
+      Number(queryParams.get('amountValue')) /
+      Math.pow(10, Number(queryParams.get('amountScale'))),
+    amountType: queryParams.get('amountType')
   })
 
   useEffect(() => {
@@ -168,6 +183,7 @@ export default function Consent() {
           interactId={ctx.interactId}
           nonce={ctx.nonce}
           authServerDomain={authServerDomain}
+          amountType={ctx.amountType || ''}
         />
       ) : (
         <RejectedView