-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
API Design : UNAUTHENTICATED 401 #128
Comments
To follow the Open Gateway and CAMARA aim where a developer should not need to change their code to connect to any CAMARA API the format should be followed. To not follow this will cause developers and operators in federation to complicate their implementations and introduce errors and failures. My view would be for you to you raise internally to have the correct/custom response to your authorisation calls within your implementation. Happy to aid in that process if needed. |
Hi Mark, I am checking internally if there is any way to modify it. So, my suggestion is to align the GSMA design guidelines with universally accepted format, why are we changing it. Regards |
Not sure I understand this completely. Camara uses the OIDC standard which defines several error codes 3.1.2.6. Authentication Error Response 5.3.3. UserInfo Error Response CIBA Authentication Error Response Also, there is the OAuth2 error registry The following is definitely non-standard:
Whenever OIDC and OAuth2 are used in Camara the error responses MUST follow the respective OIDF and IETF standard. |
To be indicated in PR #213 |
ISSUE
I am using IBM API Connect as a gateway where I don't have the control over internal authorization server. Due to this if any request fails due to the authorization issue, then it throws an error in the below format:
{
"httpCode": "401",
"httpMessage": "Unauthorized",
"moreInformation": "Invalid client id or secret."
}
Whereas expected CAMARA format is:
{
"status": 401,
"code": "UNAUTHENTICATED",
"message": "Request not authenticated due to missing, invalid, or expired credentials."
}
In this case the request gets rejected at the server level itself and it doesn't reach till my code to handle it. Due this I am unable to change the response format.
Currently, I am working with GSMA to close the certification for Sim Swap service but due to this particular use case it is not done.
My suggestion is to ignore this use case for certification as I am sure other MNO's will also face this limitation.
The text was updated successfully, but these errors were encountered: