SCS-CBU-CED-IAM / mobileid

Mobile ID Sample Scripts
http://mobile-id.ch

provide meaningful error message if wrong ap is taken #89

Closed ralfhauser closed 5 years ago

ralfhauser commented 5 years ago

With that wrong URL and https://github.com/SCS-CBU-CED-IAM/mobileid/blob/master/shell/mobileid-sign.sh

you get curl failed with 58 or FAILED on +41754105... with error 104 (UNAUTHORIZED_ACCESS: ) and exit 2

phaupt commented 5 years ago

If I understood correctly, you say that you have defined a wrong AP_ID. The AP_ID is kind of like your account name. If the username is wrong, the provided SSL key won't match and access is not authorized. Therefore, a fault response (HTTP 500) is as designed and the violation is logged on our side.

For security reasons, we won't tell whether AP_ID (~account name) or SSL key (~password) is wrong. That is common best practice.

cURL should not fail with 58 just because of a wrong AP_ID. It is not the case in my environment. Are you sure there is nothing else wrong with your request? What OS and cURL version did you use?

ralfhauser commented 5 years ago

So far, this tool has been presented to me as a testing tool. In this case, helping people to avoid hours spent with the Telco Support on discovering minor config errors is a waste of time. So I suggest, at least in a debug or testing mode, to be more helpful.

phaupt commented 5 years ago

I fully agree with you that more verbose details from the server would help a lot and simplify integration work. Though your AP_ID is a fully fledged production account. Security is important for production endpoints and always a certain trade-off with usability. So I am afraid the server won't tell whether the AP was invalid or the Key was wrong. Please get in direct contact with us and we will help you with integration problems.
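
The thread names two different failures: curl exit 58, which curl documents as a problem with the local client certificate, and server error 104, where the server does not say whether AP_ID or key was wrong. The following is an added example, not part of mobileid-sign.sh or of anyone's comment here, showing how a client script can tell the two apart locally; the function names `preflight` and `triage` and the sample inputs are assumptions.

```bash
#!/usr/bin/env bash
# Added example: client-side triage for a mutually authenticated endpoint.
# Function names and sample values are hypothetical, not from mobileid-sign.sh.

# Check the local client credential files before any request is sent.
# Prints the first problem found and returns 1, or prints "ok" and returns 0.
preflight() {
  local cert=$1 key=$2
  [ -r "$cert" ] || { echo "cert file missing or unreadable"; return 1; }
  [ -r "$key" ]  || { echo "key file missing or unreadable"; return 1; }
  grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" ||
    { echo "cert file is not a PEM certificate"; return 1; }
  grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" ||
    { echo "key file is not a PEM private key"; return 1; }
  echo "ok"
}

# Classify a failed call from curl's exit status and the fault code the
# server returned (empty string when no response body was received).
triage() {
  local curl_rc=$1 fault=$2
  case "$curl_rc" in
    58) echo "local: curl could not use the client certificate or key" ;;
    60) echo "local: server certificate not trusted by the CA bundle" ;;
    6|7|28) echo "network: host not resolved, refused or timed out" ;;
    0|22)  # request completed; 22 is an HTTP error when curl runs with --fail
      if [ "$fault" = "104" ]; then
        # The server reports the pair as rejected and nothing more.
        echo "server: AP_ID and client certificate rejected as a pair"
      elif [ -n "$fault" ]; then
        echo "server: fault $fault"
      else
        echo "no failure detected"
      fi ;;
    *) echo "curl: exit status $curl_rc" ;;
  esac
}

# Constructed demo: the two failures reported in the issue.
triage 58 ""
triage 0 104
```

An exit status of 58 is raised by curl itself while loading the certificate or key, so it points at the files on the client; a 104 fault means the request reached the server and both AP_ID and certificate need checking, since the response does not single out either.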