Handle expired interactions gracefully #3318

mkurapov · 2025-02-24T13:55:35Z

Context

After looking through the test wallet issue [BUG] Internal server error when taking too long to accept/decline grant testnet#1917, we noticed that we can handle the interaction expiry error better in the auth service
First, we need to return proper errors in the interaction routes, such that the IDP can know why the interaction choice call failed (like expiry). This is being done in feat(auth): use gnap error middleware on idp api #3094.
Second, in the finish route handler, instead of checking the session nonce first, we should check that the interaction has expired. If it has, we should redirect back to the client redirect URI with result=interaction_expired query param. If not expired, we should then check the session nonce.
In general, other than the invalid session error, we should always redirect back to the client with the corresponding query param in the URL.

feat(auth): use gnap error middleware on idp api #3094 is completed
Check interaction expiry before session token in finish route
Make sure to always redirect to client with a query param in finish route on errors (other than the invalid session error)

The text was updated successfully, but these errors were encountered:

github-project-automation bot added this to Rafiki Feb 24, 2025

github-project-automation bot moved this to Backlog in Rafiki Feb 24, 2025

mkurapov added the pkg: auth Changes in the GNAP auth package. label Feb 24, 2025