Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enforce receiver field in outgoing payment grant creation #3112

Open
1 task
mkurapov opened this issue Nov 20, 2024 · 0 comments · May be fixed by #3248
Open
1 task

Enforce receiver field in outgoing payment grant creation #3112

mkurapov opened this issue Nov 20, 2024 · 0 comments · May be fixed by #3248
Assignees
@cozminu
Labels
pkg: auth Changes in the GNAP auth package. pkg: backend Changes in the backend package.

Comments

@mkurapov
Copy link
Contributor

mkurapov commented Nov 20, 2024
edited
Loading

Context

Currently, the Open Payments AS spec allows to specify a receiver field as part of the outgoing payment limits for grant creation, which specifies for which incoming payment outgoing payments can be created under.
Even though this field is spec'ed out in Open Payments, we do not enforce it in Rafiki (receiver field is ignored).

Todos

  • If an outgoing payment is trying to be created under a grant that has a different receiver (incoming payment) than the one the outgoing payment is paying into, we should fail with a 403 (forbidden) error
@github-project-automation github-project-automation bot moved this to Backlog in Rafiki Nov 20, 2024
@mkurapov mkurapov added pkg: backend Changes in the backend package. pkg: auth Changes in the GNAP auth package. labels Nov 20, 2024
@mkurapov mkurapov moved this from Backlog to Todo in Rafiki Jan 14, 2025
@mkurapov mkurapov moved this from Todo to In Progress in Rafiki Jan 28, 2025
@cozminu cozminu linked a pull request Jan 28, 2025 that will close this issue
Open
3 tasks
@cozminu cozminu moved this from In Progress to Ready for Review in Rafiki Jan 28, 2025
@cozminu cozminu moved this from Ready for Review to In Progress in Rafiki Jan 29, 2025
@mkurapov mkurapov moved this from In Progress to Ready for Review in Rafiki Jan 29, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cozminu cozminu

Labels
pkg: auth Changes in the GNAP auth package. pkg: backend Changes in the backend package.
Projects
Rafiki
Status: Ready for Review
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(backend): check grant receiver to match quote receiver interledger/rafiki
2 participants
@cozminu @mkurapov