kych

OAuth 2.0 API for Swiyu to enable Taler integration of Swiyu for KYC (experimental)

commit e8c9a4168f10f8396e5131d3c03aab423bdc0295
parent 5d65d064190aa64ddaf01cb9f99e4451fea36ece
Author: Henrique Chan Carvalho Machado <henriqueccmachado@tecnico.ulisboa.pt>
Date:   Tue,  9 Dec 2025 11:27:52 +0100

oauth2_gateway: change webhook post to get

Diffstat:
Moauth2_gateway/src/db/sessions.rs | 4++--
Moauth2_gateway/src/handlers.rs | 42+++++++++++++-----------------------------
2 files changed, 15 insertions(+), 31 deletions(-)

diff --git a/oauth2_gateway/src/db/sessions.rs b/oauth2_gateway/src/db/sessions.rs
@@ -309,8 +309,8 @@ pub async fn verify_session_and_queue_notification(
 RETURNING code
 )
 INSERT INTO oauth2gw.notification_pending_webhooks
- (session_id, client_id, url, body, next_attempt)
- VALUES ($2, $5, $6, $7, 0)
+ (session_id, client_id, url, http_method, body, next_attempt)
+ VALUES ($2, $5, $6, 'GET', $7, 0)
 RETURNING (SELECT code FROM inserted_code)
 "#,
 timestamp_field
diff --git a/oauth2_gateway/src/handlers.rs b/oauth2_gateway/src/handlers.rs
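Review bot: The `url` column ($6) written by this INSERT now presumably carries the authorization code, since the handler change in oauth2_gateway/src/handlers.rs builds `redirect_uri?code=...&state=...` and passes an empty body, so anything that prints or exports this column records a live code. I would add a comment above the query such as `// url carries the authorization code for GET delivery: never log it in full`, and check that the delivery worker's error paths log only host and path. The hard-coded `'GET'` also leaves the body parameter ($7) without meaning for callers, which deserves a line in the function's doc comment. The function starts and ends outside the hunk, and whether the `http_method` column already exists is not visible in this commit.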
@@ -678,35 +678,19 @@ pub async fn notification_webhook(
 // Generate authorization code
 let authorization_code = crypto::generate_nonce();
- // Construct webhook URL from redirect_uri and state
- let webhook_url = if let Some(redirect_uri) = &session_data.redirect_uri {
- if let Some(state) = &session_data.state {
- format!("{}?state={}", redirect_uri, state)
- } else {
- redirect_uri.clone()
- }
- } else {
- session_data.webhook_url.clone()
- };
-
- // Build webhook body for client notification
- let client_notification = ClientNotification {
- nonce: session_data.nonce.clone(),
- status: status_str.to_string(),
- code: authorization_code.clone(),
- verification_id: webhook.verification_id,
- timestamp: webhook.timestamp.clone(),
- };
-
- let webhook_body = match serde_json::to_string(&client_notification) {
- Ok(b) => b,
- Err(e) => {
- tracing::error!("Failed to serialize client notification: {}", e);
- return StatusCode::OK;
- }
- };
+ // Construct GET request URL: redirect_uri?code=XXX&state=YYY
+ let redirect_uri = session_data.redirect_uri.as_ref()
+ .unwrap_or(&session_data.webhook_url);
+ let state = session_data.state.as_deref().unwrap_or("");
+
+ let webhook_url = format!(
+ "{}?code={}&state={}",
+ redirect_uri,
+ authorization_code,
+ state
+ );
- // Update session, create auth code, and queue webhook
+ // Update session, create auth code, and queue webhook (GET request, empty body)
 match crate::db::sessions::verify_session_and_queue_notification(
 &state.pool,
 session_data.session_id,
@@ -715,7 +699,7 @@ pub async fn notification_webhook(
 10, // 10 minutes for auth code expiry
 session_data.client_id,
 &webhook_url,
- &webhook_body,
+ "", // Empty body for GET request
 swiyu_result.wallet_response.as_ref(),
 )
 .await
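Review bot: The added `let state = session_data.state.as_deref().unwrap_or("");` appears to shadow the `state` that the following context line `&state.pool` relies on, so that call would now see a `&str`; unless a scope outside this hunk separates them, rename the local, e.g. `let oauth_state = session_data.state.as_deref().unwrap_or("");`. The `format!("{}?code={}&state={}", ...)` also inserts the client-supplied state without percent-encoding and always prefixes `?`, so a state containing `&` or `#` can add or cut off parameters, and a redirect_uri that already has a query string yields a malformed URL. Building the URL with a parser that appends encoded pairs (for example the `url` crate's `query_pairs_mut().append_pair`, if it is a dependency here) would cover both cases. The function body starts and ends outside the hunk.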