[Compliance] If `needs_auth` is true, `sanctions` callback should be used before completing `/send`

[Mr0grog]

It’s possible I’m misunderstanding the flow here, but when posting to the compliance server’s internal /send endpoint, it seems like the sanctions callback should be called with the info obtained from the foreign compliance server before returning a 200 OK response. Step 6 in the compliance protocol doc would seem to indicate the same.

As it stands, setting needs_auth merely tells the other compliance server to send back info on the receiver (which it does), but then does nothing with that info other than pass it back in the result to /send. If the entity that called /send was the bridge server, we also know the bridge server does nothing with this info.

[samBrba]

Is there any improvements concerning this issue ?