taler-docs

Documentation for GNU Taler components, APIs and protocols
Log | Files | Refs | README | LICENSE
commit 625b293709e343ae2c44b3796f55fd5a1c541ce2
parent 85a81284410e5a940a56803fbc9d4993fd426ea3
Author: Florian Dold <florian@dold.me>
Date:   Wed, 30 Jul 2025 12:59:15 +0200

DD64: add missing kyc auth transfer logic

Diffstat:

Mdesign-documents/064-kyc-operation-algo.rst | 16++++++++++++----


1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/design-documents/064-kyc-operation-algo.rst b/design-documents/064-kyc-operation-algo.rst
@@ -48,6 +48,7 @@ Initialize the following variables:
 * ``last_rule_gen := null``
 * ``last_aml_review := null``
 * ``last_deny := if isZeroLimited(op, amt) then now() else null``
+* ``last_bad_kyc_auth := false``
 * ``account_keypair := getCurrentAccountKeyPair(op)``
 
 Processing
@@ -57,13 +58,13 @@ Processing
    make a request for ``op`` at the exchange.  Let ``resp`` be the response.
 
    * If the request succeeds, *halt*.
-   * If the request fails with ``451``, set ``last_deny := now()``.
+   * If the request fails with ``451``, set ``last_deny := now()`` and ``last_bad_kyc_auth := resp.bad_kyc_auth``.
    * Otherwise, finish processing operation with result ``BACKOFF``.
 
 2. Request the ``/kyc-check/...`` endpoint applicable for ``op`` with ``account_keypair`` the following parameters:
 
    * If ``last_check_status == null``: Make request without long-polling.
-   * If ``last_check_status in [403 Forbidden, 409 Conflict]``: Long-poll. Add query parameter ``lpt=1``
+   * If ``last_check_status in [403 Forbidden, 409 Conflict]`` or ``last_bad_kyc_auth == true && last_check_status == 404``: Long-poll. Add query parameter ``lpt=1``
    * If ``last_aml_review == true``: Long-poll. Add query parameter ``lpt=2``.  If ``last_rule_gen != null``, add
      query parameter ``min_rule=last_rule_gen``.
    * Otherwise: Long-poll. If ``last_rule_gen != null``, add ``min_rule=last_rule_gen``
@@ -81,8 +82,13 @@ Processing
    * If ``resp.status == 403 Forbidden``: Check if the private key for the
      indicated public key is available. If, set ``account_keypair`` to that key pair and finish with result ``PROGRESS``.
      Otherwise, finish with result ``BACKOFF``.
-   * If ``resp.status == 404 Not Found``: Go to step 4, with exposed limits set to the default limits.
-   * Otherwise (unhandled status), finish processing operation with result ``BACKOFF``.
+   * If ``resp.status == 404 Not Found``:
+
+     * If ``last_bad_kyc_auth == true``, finish
+       processing with result ``BACKOFF`` (transition asking the user for KYC auth).
+     * Otherwise, go to step 4, with exposed limits set to the default limits.
+
+   * Otherwise (unhandled status), finish processing with result ``BACKOFF``.
 
 4. Handle exposed limits applicable to the account:
 
@@ -95,6 +101,8 @@ Processing
      violated), compute the time ``t`` when the operation may be allowed again.
      Finish processing operation with result ``AGAIN_AT(t)``.
 
+**KYC auth state**: The user should be instructed to do a KYC auth transfer if
+``last_check_status in [403 Forbidden, 409 Conflict]`` or ``last_bad_kyc_auth == true && last_check_status == 404``.
 
 Additional Considerations
 ^^^^^^^^^^^^^^^^^^^^^^^^^