
POST Initial grant request throws 500

Open sabineschaller opened this issue 3 years ago • 1 comment

In local dev setup

POST http://localhost:3006/

with body

{
    "access_token": {
        "access": [
            {
                "type": "incoming-payment",
                "actions": [
                    "create", "read", "list", "complete"
                ]
            }
        ]
    },
    "client": {
        "display": {
            "name": "Timon",
            "uri": "https://example.com"
        },
        "key": {
            "proof": "httpsig",
            "jwk": {
                "alg": "EdDSA",
                "kty": "OKP",
                "use": "sig",
                "crv": "Ed25519",
                "kid": "http://fynbos/keys/12345",
                "x": "test-public-key"
            }
        }
    },
    "interact": {
        "start": [
            "redirect"
        ],
        "finish": {
            "method": "redirect",
            "uri": "http://example.org",
            "nonce": "123"
        }
    }
}

throws 500:

  InternalServerError: response must be null
      at Object.throw (/workspace/node_modules/.pnpm/[email protected]/node_modules/koa/lib/context.js:97:11)
      at /workspace/packages/openapi/dist/middleware.js:22:22
      at processTicksAndRejections (node:internal/process/task_queues:96:5)
      at async bodyParser (/workspace/node_modules/.pnpm/[email protected]/node_modules/koa-bodyparser/index.js:95:5)
      at async session (/workspace/node_modules/.pnpm/[email protected]/node_modules/koa-session/index.js:41:7)

sabineschaller avatar Oct 27 '22 03:10 sabineschaller

What version of OpenAPI (or what commit of the AS) was this tried on? I have it working on this branch that's pending a merge: https://github.com/interledger/rafiki/tree/nl-use-split-openapi

njlie avatar Oct 27 '22 18:10 njlie

I tried on main.

sabineschaller avatar Oct 28 '22 02:10 sabineschaller

I also just tried on your branch, but it had the same result:

 sabine@Spike  ~/git/coil/rafiki   nl-use-split-openapi  docker logs local-auth-1                                                                                                        1 ↵  3392  20:38:17
{"level":30,"time":1666924659034,"pid":1,"hostname":"863724ce11b1","msg":"creating knex"}
{"level":30,"time":1666924661871,"pid":1,"hostname":"863724ce11b1","msg":"Auth server listening on 3006"}

  InternalServerError: response must be null
      at Object.throw (/workspace/node_modules/.pnpm/[email protected]/node_modules/koa/lib/context.js:97:11)
      at /workspace/packages/openapi/dist/middleware.js:22:22
      at processTicksAndRejections (node:internal/process/task_queues:96:5)
      at async bodyParser (/workspace/node_modules/.pnpm/[email protected]/node_modules/koa-bodyparser/index.js:95:5)
      at async session (/workspace/node_modules/.pnpm/[email protected]/node_modules/koa-session/index.js:41:7)

Is something wrong with my grant request? It shouldn't be, given that error message, but I just wanted to make sure.

sabineschaller avatar Oct 28 '22 02:10 sabineschaller

I tried this using your grant request. The only things I changed were:

  • client.key.jwk.kid: to localhost so it would point to my mock account provider.
  • client.key.jwk.x: to the public key I was using to sign signatures.

I also had to generate signatures to sign the request.

It might be failing httpsig validation. If it got an expected status code but expects a null body, then it was likely returning a 400, which can be thrown in the signature verification middleware. The only place where it gets thrown in the actual business logic for grant initiation would be if interact is missing in the body, which doesn't appear to be the case here.

njlie avatar Oct 28 '22 16:10 njlie

I'm seeing that error (in postman with Signature/Signature-Input headers as TODO). Logging (added here) shows the response as:

local-auth-1          | {
local-auth-1          |   status: 400,
local-auth-1          |   message: 'Bad Request',
local-auth-1          |   header: [Object: null prototype] {
local-auth-1          |     'content-type': 'application/json; charset=utf-8'
local-auth-1          |   },
local-auth-1          |   body: { error: 'invalid_request', message: 'invalid signature headers' }
local-auth-1          | }

Should the OpenAPI spec be updated with such error response bodies for 400? https://github.com/interledger/open-payments/blob/1e3e118d8b22c5d2942f972e28ebf0f0114d04f5/openapi/auth-server.yaml#L75-L76

wilsonianb avatar Oct 28 '22 22:10 wilsonianb
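An added example (not Rafiki's or the openapi package's code) illustrating the mismatch described above: a spec fragment that declares a 400 response with no body, the 400 with a JSON body that the signature middleware actually returned, and how a response validator turns that into a `response must be null` 500, hiding the real signature failure. The spec shapes and function names are assumptions; the logged status and body fields are taken from this thread.

```javascript
// Constructed spec fragments (assumption: this is what a response validator
// reads). "Before" declares 400 without `content`, as the linked
// auth-server.yaml did; "after" adds the error body that was actually sent.
const specBefore = {
  paths: { '/': { post: { responses: {
    '200': { description: 'OK', content: { 'application/json': {} } },
    '400': { description: 'Bad Request' } // no content => body must be null
  } } } }
};
const specAfter = JSON.parse(JSON.stringify(specBefore));
specAfter.paths['/'].post.responses['400'].content = {
  'application/json': { schema: { type: 'object',
    required: ['error'], properties: { error: {}, message: {} } } }
};

// Validates an actual response against the spec; returns a list of errors
// (empty list means the response conforms).
function validateResponse(spec, path, method, res) {
  const op = spec.paths[path] && spec.paths[path][method];
  if (!op) return [`no operation ${method.toUpperCase()} ${path}`];
  const expected = op.responses[String(res.status)];
  if (!expected) return [`status ${res.status} not in spec`];
  if (!expected.content) {
    // Spec says "no body" for this status: any body at all is a violation.
    return res.body == null ? [] : ['response must be null'];
  }
  const schema = expected.content['application/json']?.schema;
  if (schema?.required) {
    const missing = schema.required.filter((k) => !(k in (res.body || {})));
    return missing.map((k) => `body missing required field "${k}"`);
  }
  return [];
}

// Mimics the middleware's behaviour: a validation failure is surfaced as a
// 500 whose message is the validation error, so the client never sees the
// original 400 and its diagnostic body.
function finalize(spec, res) {
  const errors = validateResponse(spec, '/', 'post', res);
  return errors.length ? { status: 500, message: errors[0] } : res;
}

// Constructed 400 from signature verification, matching the log above.
const sigFailure = { status: 400,
  body: { error: 'invalid_request', message: 'invalid signature headers' } };

console.log(finalize(specBefore, sigFailure)); // 500 "response must be null"
console.log(finalize(specAfter, sigFailure));  // the 400 passes through
```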

Fixed:

  • https://github.com/interledger/rafiki/pull/735

sabineschaller avatar Nov 17 '22 10:11 sabineschaller