feat(auth): add subject to grant (#3440)

* feat(auth): add subject to grant

* feat(auth): add subject to grant

* fix(auth): grant access when is undefined

* feat(auth): subject id validation

* fix(auth): fix tests

* Update packages/auth/src/graphql/schema.graphql

Co-authored-by: Max Kurapov <[email protected]>

* feat(auth): throw GrantError instead of Error

* fix(auth): description for subIdFormat

* fix(auth): trx in tests is knex

* fix: grant service to throw only grant errors

* fix(auth): address change requests

* fix(auth): address change requests

* fix tests

* access token optional in grant response

* fix(auth): move accessErrorsMap to grant

* fix(auth): fix test for grant access

* fix(auth): changed interaction generic error message

* use main OpenAPI spec for Auth

* fix(auth): approved grant does not return subject

* fix(auth): remove unused import

Co-authored-by: Max Kurapov <[email protected]>

* fix(auth): make access_token optional in response

* fix(deps): sha.js critical update

* fix(deps): critical update

* Update package.json

Co-authored-by: Max Kurapov <[email protected]>

* update pnpm lock file

* change op specs version

* feat(auth): update idp openapi spec

* feat(auth): make idp standalone

* chore(deps): update axios

* fix(auth): access token in response when it shouldnt

* fix(auth): tests

* try to fix grype scan

* try fix grype

* restore 'fix'

* try fix grype

* try fix grype 2

* feat(localenv): expose subject during consent in mock-ase (#3666)

* feat(localenv): expose subject during consent in mock-ase

* feat: include client name in subject grant line

* fix(mase): grantId not being retrieved

* fix(mase): consent and confirmation texts

* fix: handle subject-only grants properly

---------

Co-authored-by: Cozmin Ungureanu <[email protected]>

---------

Co-authored-by: Max Kurapov <[email protected]>
Co-authored-by: Nathan Lie <[email protected]>

Author: 3 people

.github/workflows/node-build.yml

@@ -115,7 +115,7 @@ jobs:
       - name: fail if GraphQL was generated
         if: steps.verify-changed-files.outputs.files_changed == 'true'
         run: exit 1
-  
+
   codeql-analyze:
     runs-on: ubuntu-latest
     needs: prerequisite
@@ -263,7 +263,7 @@ jobs:
             const truncatedLogs = logContent.length > maxLogSize ? `...(truncated)...\n${logContent.slice(-maxLogSize)}` : logContent;
 
             const commentBody = `
-            ### 🚀 Performance Test Results  
+            ### 🚀 Performance Test Results
 
             ${summaryContent}
 
@@ -313,7 +313,7 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 5
     needs: [auth, backend, frontend, token-introspection, mock-account-servicing-entity, graphql, codeql-analyze, integration-test]
-    steps: 
+    steps:
       - uses: actions/checkout@v4
       - uses: ./.github/workflows/rafiki/env-setup
       - run: pnpm build
@@ -425,7 +425,7 @@ jobs:
         with:
           path: /tmp/${{ github.sha }}-${{ matrix.package }}-${{ matrix.platform.name }}-${{ needs.version-generator.outputs.version }}.tar
           key: ${{ github.sha }}-${{ matrix.package }}-${{ matrix.platform.name }}-${{ needs.version-generator.outputs.version }}
-  
+
   docker-grype:
     name: Docker Grype Scan
     needs: [version-generator, docker-build]
@@ -519,7 +519,7 @@ jobs:
           platform_name: ${{ matrix.platform.name }}
           version: ${{ needs.version-generator.outputs.version }}
           gh_token: ${{ secrets.GITHUB_TOKEN }}
-  
+
   push-manifest:
     name: Push multi-arch manifest list
     needs: [version-generator,push]
@@ -540,7 +540,7 @@ jobs:
           package: ${{ matrix.package }}
           gh_token: ${{ secrets.GITHUB_TOKEN }}
           version: ${{ needs.version-generator.outputs.version }}
-  
+
   generate-release:
     runs-on: ubuntu-latest
     needs: [push-manifest, version-generator]
@@ -561,7 +561,7 @@ jobs:
           allowUpdates: true
           draft: false
           makeLatest: true
-          prerelease: endsWith(needs.version-generator.outputs.version, '-alpha') 
+          prerelease: endsWith(needs.version-generator.outputs.version, '-alpha')
           name: ${{ needs.version-generator.outputs.version }}
           body: ${{ steps.changelog.outputs.changes }}
           tag: ${{ needs.version-generator.outputs.version }}

bruno/collections/Rafiki/Examples/Vailidating Wallet Address Ownership with Open Payments/Continuation Request.bru

@@ -0,0 +1,33 @@
+meta {
+  name: Continuation Request
+  type: http
+  seq: 8
+}
+
+post {
+  url: {{senderOpenPaymentsContinuationUri}}
+  body: json
+  auth: none
+}
+
+headers {
+  Authorization: GNAP {{continueToken}}
+}
+
+script:pre-request {
+  const scripts = require('./scripts');
+  
+  await scripts.addSignatureHeaders();
+}
+
+script:post-response {
+  const scripts = require('./scripts');
+  
+  scripts.storeTokenDetails();
+}
+
+tests {
+  test("Status code is 200", function() {
+    expect(res.getStatus()).to.equal(200);
+  });
+}

bruno/collections/Rafiki/Examples/Vailidating Wallet Address Ownership with Open Payments/Get sender wallet address.bru

@@ -0,0 +1,58 @@
+meta {
+  name: Get sender wallet address
+  type: http
+  seq: 1
+}
+
+get {
+  url: {{senderWalletAddress}}
+  body: none
+  auth: none
+}
+
+headers {
+  Accept: application/json
+}
+
+script:pre-request {
+  const scripts = require('./scripts');
+  
+  scripts.addHostHeader("senderOpenPaymentsHost");
+}
+
+script:post-response {
+  const url = require('url')
+  
+  if (res.getStatus() !== 200) {
+    return
+  }
+  
+  const body = res.getBody()
+  bru.setEnvVar("senderAssetCode", body?.assetCode)
+  bru.setEnvVar("senderAssetScale", body?.assetScale)
+  
+  const authUrl = url.parse(body?.authServer)
+  if (
+      authUrl.hostname.includes('cloud-nine-wallet') || 
+      authUrl.hostname.includes('happy-life-bank')
+  ){
+      const port = authUrl.hostname.includes('cloud-nine-wallet')? authUrl.port: Number(authUrl.port) + 1000
+      bru.setEnvVar("senderOpenPaymentsAuthHost", authUrl.protocol + '//localhost:' + port + authUrl.path);
+  } else {
+      bru.setEnvVar("senderOpenPaymentsAuthHost", body?.authServer);
+  }
+  
+  const resourceUrl = url.parse(body?.resourceServer)
+  if (resourceUrl.hostname.includes('cloud-nine-wallet') || resourceUrl.hostname.includes('happy-life-bank')) {
+    const port = resourceUrl.hostname.includes('happy-life-bank') ? bru.getEnvVar('happyLifeOpenPaymentsPort') : bru.getEnvVar('cloudNineOpenPaymentsPort')
+      bru.setEnvVar("senderOpenPaymentsHost", 'http://localhost:' + port + resourceUrl.path);
+  } else {
+      bru.setEnvVar("senderOpenPaymentsHost", body?.resourceServer);
+  }
+}
+
+tests {
+  test("Status code is 200", function() {
+    expect(res.getStatus()).to.equal(200);
+  });
+}

bruno/collections/Rafiki/Examples/Vailidating Wallet Address Ownership with Open Payments/Grant Request for Subject Information.bru

@@ -0,0 +1,52 @@
+meta {
+  name: Grant Request for Subject Information
+  type: http
+  seq: 7
+}
+
+post {
+  url: {{senderOpenPaymentsAuthHost}}
+  body: json
+  auth: none
+}
+
+body:json {
+  {
+      "subject": {
+          "sub_ids": [
+            {
+              "id": "{{senderWalletAddress}}",
+              "format": "uri"
+            }
+          ]
+        },
+      "client": "{{clientWalletAddress}}",
+      "interact": {
+          "start": [
+              "redirect"
+          ]
+      }
+  }
+  
+}
+
+script:pre-request {
+  const scripts = require('./scripts');
+  
+  await scripts.addSignatureHeaders();
+}
+
+script:post-response {
+  const scripts = require('./scripts');
+  
+  scripts.storeTokenDetails();
+  
+  const body = res.getBody()
+  bru.setEnvVar("senderOpenPaymentsContinuationUri", body?.continue.uri)
+}
+
+tests {
+  test("Status code is 200", function() {
+    expect(res.getStatus()).to.equal(200);
+  });
+}

bruno/collections/Rafiki/Examples/Vailidating Wallet Address Ownership with Open Payments/folder.bru

@@ -0,0 +1,4 @@
+meta {
+  name: Vailidating Wallet Address Ownership with Open Payments
+  seq: 6
+}

localenv/mock-account-servicing-entity/app/lib/apiClient.ts

@@ -50,7 +50,12 @@ export class ApiClient {
     if (response.status === 200) {
       return {
         isFailure: false,
-        payload: response.data.access,
+        payload: {
+          access: response.data.access,
+          subject: response.data.subject,
+          grantId: response.data.grantId,
+          state: response.data.state
+        },
         contextUpdates: {
           grant: response.data
         }

localenv/mock-account-servicing-entity/app/lib/types.ts

@@ -28,6 +28,11 @@ export interface Access {
   limits?: AccessLimit
 }
 
+export interface SubjectId {
+  id: string
+  format: string
+}
+
 export type InstanceConfig = {
   name: string
   logo: string