Issuer API is turning 1.0-compliant badges into 0.5 badges #1029
Comments
|
We are finding that the import of a 1.0 badge is having data added to it. See _location. Not sure why. Once this data is added, the validation JSON is not the same. So, the badge won't validate. |
|
For further reference, this issue is only occurring for badges that use the Issuer API to award a badge to a user's Backpack account by passing in the assertion. If a baked badge is passed in via the Issuer API, or if one is uploaded manually by the user, the baked information isn't changed. IssuerAddBadgeFromAssertion is calling the normalizeAssertion utility after validating the original assertion. It looks like the bulk of this part of the procedure was developed before the Backpack began hosting saveable baked images (an essential feature) or even before the 1.0 release of the standard. When baking the awarded badges was added onto the awarding procedure, it was implemented as an add-on to the end of this process, using the "normalized" assertion, and further ensuring a verify.url was added even though that wasn't part of the 0.5 standard. As much sense as the provenance of this feature makes, I don't think the resulting baked badges are compliant with the OBI standard, as it exists. The standard implementation instructions tell us that It seems much more appropriate to bake the original assertion into the badge, provided that it has passed validation and Backpack wishes to move forward with awarding the badge to a user's account. Even as old as this issue is, I think this is a pretty high-importance fix. I'd be willing to contribute a little code myself, but I have not done any development on the Backpack yet, and I don't know its testing infrastructure. |
|
Still trying to catch up here a bit, but I agree that baked badges should reflect the assertion as it comes in without any internal mucking about the backpack might do otherwise. The backpack is a bit sloppy right now about intermingling internal representations with passed in data, and I believe that's the origin of any fields with a leading underscore you might be seeing, like _location. Undoing that is a bit trickier. I feel that the right way to do it is with an abstraction on top of badge versions within the code so that the code doesn't have to care (as much) about spec versions, and handling for future spec versions can be added by building subclasses instead of adding |
|
Oh, well I'm also seeing a more direct fix we could try. I think part of the wackiness here is that we used to bake URLs into the image, but now even if we get passed a url, we want to fetch that and then bake the data. The code just wasn't structured to let us do that before normalizing, but I think there might be a quicker fix to pass along the fetched data to where it can be baked. I'll see if I can get something together for testing. |
|
Proposed solution in #1032. Would be good to get it up somewhere and throw a bunch of different assertions at it to make sure everyone's expectations are properly met. |
|
We can do some testing from Achievery when you're ready. On Aug 7, 2014, at 11:48 AM, Mike Larsson [email protected] wrote:
|
|
Thanks, @stenington (and @kayaelle for offer of testing). The code looks good to the eye. Are you going to spin this up on a staging server somewhere that we could point at, or did you need somebody else to give that a try. I could potentially check it out ~around Saturday. |
|
I'd like to test as well, if you can tell where to do this. Eric _"Trust only credentials that are TrueCred_™ verified."Eric Korb, President/CEO - accreditrust.com On Thu, Aug 7, 2014 at 1:59 PM, Nate Otto [email protected] wrote:
|
|
Try it against http://stenington.org:8888 and see how it works. If that url isn't up, let me know. |
|
Works perfectly for me; your code correctly baked the input assertion without modification, which is the safest route I think. I think we might need to make a breaking change at 2.0 to the standard before we can implement modifiable-after-the-fact baked assertions, though I think there are some great possibilities there to investigate. {
"uid": "ottonomy-the-swindler-1",
"recipient": {
"type": "email",
"hashed": true,
"salt": "coarsekosher",
"identity": "sha256$ff80caeeea3342f16692d99dfe4c0d4c426be3c69d86948c3e91aa5ca52f6208"
},
"issuedOn": "2014-01-03T21:42:21.092Z",
"badge": "http://ottonomy.net/manualbadges/badgeclass-badge-swindler.json",
"verify": {
"type": "hosted",
"url": "http://gator3046.hostgator.com/~ottonomy/manualbadges/assertions/swindler/ottonomy-the-swindler-1.json"
}
}That indeed exactly deepEquals my hosted JSON at http://gator3046.hostgator.com/~ottonomy/manualbadges/assertions/swindler/ottonomy-the-swindler-1.json This was a weird badge for me to use to test on, but it was closest at hand when I created the issue. 👍 Thanks. If @erickorb and @kayaelle can do a little higher-volume testing, that would be great. |
|
Did this ever get pulled into the real working backpack? What should be done about all the baked images that are in the backpack that are not 1.0 compliant despite being baked from 1.0 compliant assertions? I'm building a JSON-schema based validator, and I will probably just make a schema for this legacy format. Then we can move forward talking about how we should actually embed badgeclass and issuer information into baked assertions (and whether that should be done as hosted as well). |
|
Ping @cmcavoy @stenington -- Just tested again -- it looks like http://backpack.openbadges.org is still baking non-compliant badges. Who can fix this? |
|
Hi ottonomy, Do assertion data .json file and verify .json file will have same data ? here is the detail
By passing assertion to bakerAPI I getting following error _"name" : "openbadges-backpack", then I follow the Assertion Information for the Uninitiated link. As per link the verify object should have only type and URL.
OS: Windows 7 pro 64bit Any hint or suggestion regarding this? |
|
I am able to solve baking issue by using compatible node js version. The app (openbadges-backpack) is using engine 0.10.30 while I am using latest 4.4.5. So I need to downgrade node js version and it works like charm. Also I found that assertion json file data and verify json file data must be same in case of hosted type. Hope this help someone. Thanks |
|
There is certainly further development required in order to support newer badge specs properly. |
Hi, backpack team. I created this assertion and hosted it, built a page to use the Issuer API over JavaScript to bake this badge and put it in my backpack. Here's the hosted assertion:
{ "uid": "ottonomy-the-swindler-1", "recipient": { "type": "email", "hashed": true, "salt": "coarsekosher", "identity": "sha256$ff80caeeea3342f16692d99dfe4c0d4c426be3c69d86948c3e91aa5ca52f6208" }, "issuedOn": "2014-01-03T21:42:21.092Z", "badge": "http://ottonomy.net/manualbadges/badgeclass-badge-swindler.json", "verify": { "type": "hosted", "url": "http://gator3046.hostgator.com/~ottonomy/manualbadges/assertions/swindler/ottonomy-the-swindler-1.json" } }Then I downloaded the badge from my backpack collection. The assertion baked into the badge by the Issuer API is this:
{ "uid": "ottonomy-the-swindler-1", "recipient": "sha256$ff80caeeea3342f16692d99dfe4c0d4c426be3c69d86948c3e91aa5ca52f6208", "issuedOn": "2014-01-03T21:42:21.092Z", "badge": { "name": "Master Badge Swindler", "description": "This user has created their own properly formed Open Badge by hand, except that reputable upstanding organization ottonomy.net surely wouldn't ever issue such a badge. If you're seeing this badge in someone's backpack, it means they're a master badge swindler. Can you figure out how they did it?", "image": "http://ottonomy.net/manualbadges/badge-swindler.png", "criteria": "http://ottonomy.net/manualbadges/swindler-badge-criteria.html", "issuer": { "name": "Nate Otto", "url": "http://ottonomy.net", "description": "Personal website of Nate Otto", "email": "[email protected]", "_location": "http://ottonomy.net/manualbadges/issuer.json", "origin": "http://ottonomy.net" }, "_location": "http://ottonomy.net/manualbadges/badgeclass-badge-swindler.json" }, "verify": { "type": "hosted", "url": "http://gator3046.hostgator.com/~ottonomy/manualbadges/assertions/swindler/ottonomy-the-swindler-1.json" }, "_originalRecipient": { "type": "email", "hashed": true, "salt": "coarsekosher", "identity": "sha256$ff80caeeea3342f16692d99dfe4c0d4c426be3c69d86948c3e91aa5ca52f6208" }, "salt": "coarsekosher", "issued_on": "2014-01-03T21:42:21.092Z" }Excepting for a validation error because I used a full timestamp instead of just YYYY-MM-DD this badge passes the Validator, but says that it's passing on the 0.5 spec path, not the 1.0 spec path, as I had originally asserted the badge. You can see some differences: for example, look at the recipient field of the assertion. It has been flattened to 0.5 style.
I find this kind of strange. Had an unrelated error with a baked badge that led me down this path of exploration.
CC: @brianloveswords, @cmcavoy @threeqube
The text was updated successfully, but these errors were encountered: