-
Notifications
You must be signed in to change notification settings - Fork 47
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Consider allowing a client to request information about an exchange via non-empty post body #387
Comments
An alternative to this is to allow a non-authorized GET on the exchange endpoint, but this might be more complex. |
The group discussed this on the 2024-06-18 telecon: @PatStLouis noted that a GET might make more sense and @msporny mentioned that its not clear why a GET would be more complex. A concrete use case was also not provided so it was difficult for the group to determine how this feature would be used. @PatStLouis noted that if a client wanted to continue an exchange, but doesn't know what state its at, but tried to move exchange forward but it didn't work, could be useful for client to know current state of exchange. @jrhender wondered how this is different from the "Get Exchange State" endpoint -- perhaps that endpoint could be extended for the use case that @dlongley has in mind. @wes-smith noted that this issue is not proposing a solution to status. POST'ing an empty body will say what the exchange wants and @wes-smith noted that that might not be the concrete use case that we need to look at. The group needs more information from @dlongley on this issue before we can discuss the benefits of each solution. |
Usually, when an exchange URL is received by a client, information about what that exchange URL is for (or what can be expected to happen when posting to it) is also included with the exchange URL. However, a client that does not trust this information (or that does not receive it) might want to ask the exchange what will happen if the client executes the exchange, prior to executing it. For example, if POSTing an empty JSON object to an exchange URL will immediately issue a VC, but this was unexpected by the client, then this might be an undesirable outcome. A client might instead desire to see some information about what will be issued / what the exchange will do prior to executing it. Note: This scenario can be contrasted to an exchange that returns a VPR when posting an empty JSON body to it, which provides some information about what is required to proceed with the exchange before any VCs might be issued. However, even here the client relies on external context / out-of-band information to know what it will do once the VPR has been satisfied in a subsequent POST. So, while a lot of use cases are covered by relying on trusted out-of-band information being associated with an exchange URL, it might also be nice to enable exchanges to report this kind of information when queried by consumers of (as opposed to creators of) the exchange. Notably, these consumers do not need to have an existing relationship with the exchange server (workflow service) nor do their clients need any authorization credentials. So the kind of information returned in response to such a query must be appropriately tailored for the consumer, i.e., it should not reveal information intended only for the creator of the exchange.
The current way to get the full state of the exchange (as the creator of the exchange) is to use |
The group discussed this on the 2024-06-25 telecon: There was general agreement that this could be supported via the client requesting a |
When a client is starting an exchange, it should be able to send a signal in a non-empty post body to request information about what action the exchange will perform prior to triggering that action. Some exchanges do not send a VPR and immediately issue one or more VCs -- and issuance is performed immediately in response to an empty post body. It would be nice to have an optional feature to show what will be issued to the client prior to issuance, even though a client or user should have received contextual information about that exchange prior to using it.
The text was updated successfully, but these errors were encountered: