search

camaraproject / CallForwardingSignal

Repository to describe, develop, document and test the Call Forwarding Signal API
Apache License 2.0
2 stars 3 forks source link

CAMARA Guidelines: Phone number identification with 3Legs #51

Open FabrizioMoggio opened 3 days ago

FabrizioMoggio commented 3 days ago

Problem description CAMARA Guidelines define to get the phone number from the access token: https://github.com/camaraproject/Commonalities/blob/main/documentation/API-design-guidelines.md#appendix-a-infodescription-template-for-device-identification-from-access-token

and if anyway provided in the API invocation a check must be done.

Expected behavior get MSISDN from the access token

Alternative solution still use PhoneNumber as input parameter and return error 403 (INVALID_TOKEN_CONTEXT) if it is not equal with the value from the access token

Additional context https://github.com/camaraproject/Commonalities/pull/233 https://github.com/camaraproject/SimSwap/issues/117

FabrizioMoggio commented 3 days ago

I propose to go for the "Alternative solution":

"still use PhoneNumber as input parameter and return error 403 (INVALID_TOKEN_CONTEXT) if it is not equal with the value from the access token"

It is easier for the Developer to understand the flow in my opinion.