diff options
| -rw-r--r-- | api-merchant.rst | 53 | ||||
| -rw-r--r-- | api-mint.rst | 2 | ||||
| -rw-r--r-- | banks.rst | 131 | ||||
| -rw-r--r-- | index.rst | 1 | ||||
| -rw-r--r-- | wallet.rst | 20 |
5 files changed, 179 insertions, 28 deletions
diff --git a/api-merchant.rst b/api-merchant.rst index e82fd158..752b167f 100644 --- a/api-merchant.rst +++ b/api-merchant.rst @@ -59,7 +59,7 @@ wallet active in his browser. So the notification is mutual: We acknowledge that notifying the website leaks the fact that Taler is installed, which could help track or deanonymize users. We believe the usability gained by leaking this one bit represents an acceptable trade off. It would rapidly become -problematic though if several payment options take this approach. +problematic though if several payment options take this approach. Furthermore, there are two scenarios according to which the mutual signaling would succeed. For a page where the merchant wants to show a Taler-style payment @@ -132,7 +132,8 @@ successful response to the following two calls: .. http:post:: /contract Issued by the frontend to the backend when it wants to augment its `proposition` with all the - cryptographic information. + cryptographic information. For the sake of precision, the frontend encloses the following JSON inside a `contract` + field to the actual JSON sent to the backend. :>json object amount: an :ref:`amount <Amount>` indicating the total price for the transaction. Note that, in the act of paying, the mint will subtract from this amount the deposit fees due to the choice of coins made by wallets, and finally transfer the remaining amount to the merchant's bank account. :>json object max_fee: :ref:`amount <Amount>` indicating the maximum deposit fee accepted by the merchant for this transaction. @@ -145,11 +146,14 @@ successful response to the following two calls: :>json object merchant: the set of values describing this `merchant`, defined below :>json base32 H_wire: the hash of the merchant's :ref:`wire details <wireformats>`; this information is typically added by the `backend` :>json base32 H_contract: encoding of the `h_contract` field of contract :ref:`blob <contract-blob>`. Tough the wallet gets all required information to regenerate this hash code locally, the merchant sends it anyway to avoid subtle encoding errors, or to allow the wallet to double check its locally generated copy - :>json array auditors: a JSON array of `auditor` objects. The wallets might concievably insist on sharing using only a mint audited by certian auditors. - :>json string pay_url: the URL where the merchant will receive the deposit permission (i.e. the payment) - :>json array mints: a JSON array of `mint` objects. The wallet must select a mint that the merchant accepts. + :>json array auditors: a JSON array of `auditor` objects. Any mints audited by these auditors are accepted by the merchant. + :>json string pay_url: the relative URL where the merchant will receive the deposit permission (i.e. the payment) + :>json string exec_url: FIXME + :>json array mints: a JSON array of `mint` objects that the merchant accepts even if it does not accept any auditors that audit them. :>json object locations: maps labels for locations to detailed geographical location data (details for the format of locations are specified below). The label strings must not contain a colon (`:`). These locations can then be references by their respective labels throughout the contract. + The wallet must select a mint that either the mechant accepts directly by listing it in the mints arry, or for which the merchant accepts an auditor that audits that mint by listing it in the auditors array. + The `product` object focuses on the product being purchased from the merchant. It has the following structure: :>json string description: this object contains a human-readable description of the product @@ -182,6 +186,8 @@ successful response to the following two calls: The `auditor` object: :>json string name: official name + :>json base32 auditor_pub: public key of the auditor + :>json string uri: URI of the auditor The `mint` object: @@ -252,25 +258,13 @@ for example by updating the DOM to enable the respective button. The following events are needed when one of the two parties leaves the scenario. -First, if the Taler extension is unloaded while the user is +If the Taler extension is unloaded while the user is visiting a checkout page, the page should listen for the .. js:data:: taler-unload event to hide the Taler payment option. -Secondly, when the Taler extension is active and the user closes or navigates -away from the checkout page, the page should listen to a - - .. js:data:: taler-navigating-away - -event, and reply with a - - .. js:data:: taler-checkout-away - -event, in order to notify the extension that the user is leaving a checkout -page, so that the extension can change its color back to its default. - The following source code highlights the key steps for adding the Taler signaling to a checkout page: @@ -387,9 +381,11 @@ cookies to identify the shopping session. :status 200 OK: The request was successful. :resheader Content-Type: application/json - :>json base32 contract: a :ref:`JSON contract <contract>` for this deal. + :>json base32 contract: a :ref:`JSON contract <contract>` for this deal deprived of `pay_url` and `exec_url` :>json base32 sig: the signature of the binary described in :ref:`blob <contract-blob>`. - :>json base32 h_contract: the base32 encoding of the field `h_contract` of the contract's :ref:`blob <contract-blob>` + :>json string pay_url: relative URL where the wallet should issue the payment + :>json string exec_url: FIXME + :>json base32 H_contract: the base32 encoding of the field `h_contract` of the contract's :ref:`blob <contract-blob>` **Failure Response** @@ -399,6 +395,8 @@ cookies to identify the shopping session. :status 500 Internal Server Error: In most cases, some error occurred while the backend was generating the contract. For example, it failed to store it into its database. +.. _deposit-permission: + .. http:post:: /taler/pay Send the deposit permission to the merchant. Note that the URL may differ between @@ -423,10 +421,7 @@ cookies to identify the shopping session. **Success Response:** - :status 200 OK: the payment has been received. - :resheader Content-Type: text/html - - In this case the merchant sends back a `fullfillment` page in HTML, which the wallet will make the new `body` of the merchant's current page. It is just a confirmation of the positive transaction's conclusion. + :status 301 Redirection: the merchant should redirect the client to his fullfillment page, where the good outcome of the purchase must be shown to the user. **Failure Responses:** @@ -473,13 +468,17 @@ The following API are made available by the merchant's `backend` to the merchant :reqheader Content-Type: application/json - The `frontend` passes the deposit permission received from the wallet, by adding the field `max_fee` (see :ref:`contract`) and optionally adding a field named `edate`, indicating a deadline by which he would expect to receive the bank transfer for this deal + The `frontend` passes the :ref:`deposit permission <deposit-permission>` received from the wallet, by adding the fields `max_fee`, `amount` (see :ref:`contract`) and optionally adding a field named `edate`, indicating a deadline by which he would expect to receive the bank transfer for this deal **Success Response: OK** :status 200 OK: The mint accepted all of the coins. The `frontend` should now fullfill the contract. This response has no meaningful body, the frontend needs to generate the fullfillment page. - **Failure Responses:** + **Failure Responses: Bad mint** + + :status 400 Precondition failed: The given mint is not acceptable for this merchant, as it is not in the list of accepted mints and not audited by an approved auditor. + - The `backend` will return verbatim the error codes received from the mint's :ref:`deposit` API. If the wallet made a mistake, like by double-spending for example, the `frontend` should pass the reply verbatim to the browser/wallet. This should be the expected case, as the `frontend` cannot really make mistakes; the only reasonable exception is if the `backend` is unavailable, in which case the customer might appreciate some reassurance that the merchant is working on getting his systems back online. + **Failure Responses: Mint trouble** + The `backend` will return verbatim the error codes received from the mint's :ref:`deposit <deposit>` API. If the wallet made a mistake, like by double-spending for example, the `frontend` should pass the reply verbatim to the browser/wallet. This should be the expected case, as the `frontend` cannot really make mistakes; the only reasonable exception is if the `backend` is unavailable, in which case the customer might appreciate some reassurance that the merchant is working on getting his systems back online. diff --git a/api-mint.rst b/api-mint.rst index 1db9d685..b97c91a3 100644 --- a/api-mint.rst +++ b/api-mint.rst @@ -651,6 +651,7 @@ interception. :>json object sign_info: Public part of the signing key :>json base32 sign_priv: Private EdDSA key +.. _add-incoming: ------------------------------------- Administrative API: Bank transactions @@ -718,7 +719,6 @@ Administrative API: Bank transactions :>json string error: the error message (`permission denied`) :>json string hint: hint as to why permission was denied - ------------ The Test API ------------ diff --git a/banks.rst b/banks.rst new file mode 100644 index 00000000..c6565261 --- /dev/null +++ b/banks.rst @@ -0,0 +1,131 @@ +=================================== +Interaction with banks Web portals +=================================== + +This section describes the interactions that should occur between +a wallet and a bank which chooses to adapt its Web portal to interact +with the Taler wallet. This interaction is supposed to occur when +the user is sending a SEPA transfer to some mint (i.e. he is creating +a new reserve). + +Through this interaction, the wallet can generate a new reserve's public +key and insert it into the 'subject' field of the transfer without manual +copy&paste. Secondly, the wallet is then able to fetch the amount to be +tranferred to the mint directly from the Web form, in order to poll the mint +to check if the desired amount has been transferred. + +---------------------- +Mutual acknowledgement +---------------------- + +The mutual acknowledgement between a wallet and a bank portal occurs when +the user is on the page which hosts the SEPA form, and is realized by the +mean of JavaScript signals issued on the `body` HTML element. + +When the bank wants to notify to a wallet, it sends the following event: + + .. js:data:: taler-wire-probe + +This event must be sent from a callback for the `onload` event of the +`body` element, otherwise the extension would have not time to +register a listener for this event. It also needs to be sent when +the Taler extension is dynamically loaded, like when the user activates +the extension while he is on the SEPA form page. This is done by +listening for the + + .. js:data:: taler-load + +event. If the Taler extension is present, it will respond with a + + .. js:data:: taler-wallet-present + +event. The handler should then activate its mechanism to trigger the generation +of a new reserve key in the wallet, for example by updating the DOM to enable a +dedicated button. + +If the Taler extension is unloaded while the user is visiting a SEPA form page, +the page should listen for a + + .. js:data:: taler-unload + +event, in order to hide the previously enabled button. + +------------------------- +How to trigger the wallet +------------------------- + +This interaction will make the wallet generate a new reserve public key, +as well as allowing the user to choose his wanted mint. Finally, the wallet +will directly paste this information inside the SEPA form and submit it. +Lastly, it allows the wallet to fetch the desired amount to be transferred +to the mint from the SEPA form. Typically, this trigger is initiated by the +user pushing a button while he is on the page which hosts the SEPA Web form. + +The wallet listens to a + + .. js:data:: taler-create-reserve + +event, through which it expects to receive the following object: + +.. sourcecode:: javascript + + {form_id: sepa-form-id, + input_amount: input-amount-id, + input_pub: input-pub-id, + mint_rcv: receiving-money-mint} + +`input_amount` is the `id` attribute of the HTML `input` element which +hosts the amount to wire to the desired mint. Please note that the wallet will +only accept amounts of the form `n[.x[y]] CUR`, where `CUR` is the ISO code +of the specified currency. So it may be necessary for the bank's webmaster to +preprocess this data to give it to the wallet in the right format. + +`input_pub` must be the `id` attribute of the `input` element within the form +which represents this SEPA transfer's "subject". +`form_id` must be the `id` attribute of the SEPA `form` element (needed by the wallet to +call `submit()` on it). +Finally, `mint_rcv` is the `id` attribute of the `input` element within the form +from which the server side handler of this form will fetch the mint base URL to issue +`/admin/add/incoming` on; see :ref:`add-incoming`. + +The following source code highlights the key steps for adding the Taler button +to trigger the wallet on a SEPA form page: + +.. sourcecode:: javascript + + function has_taler_wallet_callback(aEvent){ + // This function is called if a Taler wallet is available. + // suppose the radio button for the Taler option has + // the DOM ID attribute 'taler-wallet-trigger' + var tbutton = document.getElementById("taler-wallet-trigger"); + tbutton.removeAttribute("disabled"); + }; + + function taler_wallet_load_callback(aEvent){ + // let the Taler wallet know that this is a SEPA form page + // which supports Taler (the extension will have + // missed our initial 'taler-wire-probe' from onload()) + document.body.dispatchEvent(new Event('taler-wire-probe')); + }; + + function taler_wallet_unload_callback(aEvent){ + // suppose the button which triggers the wallet has + // the DOM ID attribute 'taler-wallet-trigger' + var tbutton = document.getElementById("taler-wallet-trigger"); + tbutton.setAttribute("disabled", "true"); + }; + +.. sourcecode:: html + + <body onload="function(){ + // First, we set up the listener to be called if a wallet is present. + document.body.addEventListener("taler-wallet-present", has_taler_wallet_callback, false); + // Detect if a wallet is dynamically added (rarely needed) + document.body.addEventListener("taler-load", taler_wallet_load_callback, false); + // Detect if a wallet is dynamically removed (rarely needed) + document.body.addEventListener("taler-unload", taler_wallet_unload_callback, false); + // Finally, signal the wallet that this is a payment page. + document.body.dispatchEvent(new Event('taler-wire-probe')); + };"> + ... + </body> @@ -31,6 +31,7 @@ Protocol Specification: api-mint api-merchant + banks Implementation: @@ -11,6 +11,26 @@ The Wallet Reference This section explains how to set up a wallet. It is worth noting that there are two versions for this componenet - one browser based and the other implemented as an `app` for mobile systems. +------- +General +------- + +Mints and merchants have a base URL for their service. This URL *must* be in a +canonical form when it is stored (e.g. in the wallet's database) or transmitted +(e.g. to a bank page). + +1. The URL must be absolute. This implies that the URL has a schema. +2. The path component of the URL must end with a slash. +3. The URL must not contain a fragment or query. + +When a user enters a URL that is, technically, relative (such as "alice.example.com/mint"), wallets +*may* transform it into a canonical base URL ("http://alice.example.com/mint/"). Other components *should not* accept +URLs that are not canonical. + +Rationale: Joining non-canonical URLs with relative URLs (e.g. "mint.example.com" with "reserve/status") +results in different and slightly unexpected behavior in some URL handling libraries. +Canonical URLs give more predictable results with standard URL joining. + -------------------- Browser based wallet -------------------- |