dheerajkhardwal
commented
2 years ago Points to consider with currently proposed changes:
-
Extending current
ecreq/ecresformat (form-urlencoded) to introduce array based parameter is not ideal. For example:- Request fields will take the shape:
...&srcref="consentHandleUUID01"&srcref="consentHandleUUID02"&srcref="consentHandleUUID03" - Response fields will take even more complex shape:
srcref[0].status="S"&srcref[0].errorCode="0"&srcref[0].consentHandle="consentHandleUUID00"&srcref[1].status="..."&srcref[1].errorCode="0"
Should JSON format be considered instead of form-urlencoded?
Relevant references: a. https://dev.to/bcanseco/request-body-encoding-json-x-www-form-urlencoded-ad9 b. https://stackoverflow.com/questions/12042476/normal-form-submission-vs-json/26527335#26527335
- Request fields will take the shape:
-
Further, with increased query parameters' length, we have to consider URL length limitations of browsers/servers.
- Reference: https://stackoverflow.com/questions/417142/what-is-the-maximum-length-of-a-url-in-different-browsers
- Considering an upper limit of 2048 characters, roughly 25 consent handles can be passed including other parameters.
-
A root level errorCode field should be introduced to handle common errors across all requested consent handles.
- Such as, Invalid request, User authentication failed.
- This may also call for splitting of error codes
The specs have been updated to include redirection from a non-FIU participant i.e. an LSP. The current AA specs handle only single FIU use cases. In case of an LSP, a loan application is sent to multiple FIUs and hence, multiple consents are created for the same user. To accommodate this change and enable LSPs to show multiple consents, an array of consent handles need to be managed by the AA.