User Session API response
Problem description
I am currently in research mode with regard to the Guardian, and then writing clients on top of it. In this case, I am looking at the session response for a particular user, the standard registry.
It seems that there are particular elements of this response that may not be required, or are duplicate/redundant.
Requirements
Take a look at this response payload and consider which items can be removed or are redundant in the case of a user session.
Response
This code/response is taken from Ray; we use it for login for development for our PHP/Laravel projects.
{#749▶
+"status_code": 200
+"reason": "OK"
+"_id": "660ebbf28d1944bb22c2ee35"
+"createDate": "2024-04-04T14:40:50.967Z"
+"updateDate": "2024-04-05T13:15:19.385Z"
+"username": "dovuauthority"
+"password": "8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92"
+"did": "did:hedera:testnet:4B3w2XcrWSnQjTeAc7EGB3QhU75HzdzrxVBeemw26Qjy_0.0.3981186"
+"parent": null
+"walletToken": ""
+"hederaAccountId": "0.0.3644072"
+"role": "STANDARD_REGISTRY"
+"refreshToken": "a91ba898-f71e-4953-b4bc-fdd2cc8af482"
+"id": "660ebbf28d1944bb22c2ee35"
}
A couple of things:
- _id and id are the same
- status_code and reason shouldn't be part of the response, this should be header only (non-issue)
- the refreshToken in this context seems wrong
- the password "hash" might not be appropriate here
- what do "parent" and "walletToken" relate to?
Definition of done
Envision/Team is satisfied with the response of this API response, and every field is meaningful.
Appending of status_code and reason is a non-issue in this report; we previously wrote the logic into our middleware API/SDK so we were able to catch 500s or other historic suspect status codes from Guardian and change logic accordingly.
Hey @mattsmithies, we've removed redundant fields. The response will now look like this:

```javascript
export const REQUIRED_PROPS = {
    STATUS_CODE: 'status_code',
    REASON: 'reason',
    USER_NAME: 'username',
    DID: 'did',
    PARENT: 'parent',
    HEDERA_ACCOUNT_ID: 'hederaAccountId',
    ROLE: 'role',
    ID: 'id',
};
```

Thanks for the issue.
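The checklist from the issue and the allowlist from the reply can be turned into a regression check on the session payload. This is an added example, not Guardian's own code: the function names `toSessionResponse` and `auditSessionResponse`, the `SECRET_NAME` pattern, and every sample value are assumptions made for illustration.

```javascript
// Allowlist: the field names listed in REQUIRED_PROPS in the reply on this page.
const SESSION_FIELDS = ['status_code', 'reason', 'username', 'did', 'parent',
  'hederaAccountId', 'role', 'id'];

// Assumption: key-name patterns that should never appear in a session response.
const SECRET_NAME = /pass(word)?|secret|token|private|hash/i;

// Build the outgoing payload by copying only allowlisted keys, so a field added
// to the stored user record later is not exposed by default.
function toSessionResponse(record) {
  const out = {};
  for (const key of SESSION_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(record, key)) out[key] = record[key];
  }
  return out;
}

// Report what the issue's checklist looks for: secret-looking keys, keys outside
// the allowlist, and pairs of keys that carry the same non-empty value.
function auditSessionResponse(payload) {
  const keys = Object.keys(payload);
  const secrets = keys.filter((k) => SECRET_NAME.test(k));
  const unexpected = keys.filter((k) => !SESSION_FIELDS.includes(k));
  const duplicates = [];
  for (let i = 0; i < keys.length; i++) {
    for (let j = i + 1; j < keys.length; j++) {
      const a = payload[keys[i]];
      const b = payload[keys[j]];
      const comparable = a !== null && a !== '' && typeof a !== 'object';
      if (comparable && a === b) duplicates.push([keys[i], keys[j]]);
    }
  }
  return { secrets, unexpected, duplicates };
}

// Constructed sample shaped like the dump in the issue; all values are placeholders.
const sampleRecord = {
  status_code: 200, reason: 'OK', _id: 'EXAMPLE_ID',
  createDate: '2024-01-01T00:00:00.000Z', updateDate: '2024-01-02T00:00:00.000Z',
  username: 'example-user', password: 'EXAMPLE_PASSWORD_HASH',
  did: 'did:example:123', parent: null, walletToken: '',
  hederaAccountId: '0.0.0', role: 'STANDARD_REGISTRY',
  refreshToken: 'EXAMPLE_REFRESH_TOKEN', id: 'EXAMPLE_ID',
};

const before = auditSessionResponse(sampleRecord);
const after = auditSessionResponse(toSessionResponse(sampleRecord));
console.log({ before, after });
```

Running the audit as a test against the live endpoint's response catches a later change that reintroduces a credential field or a duplicate identifier.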