Open FabrizioMoggio opened 3 days ago
I propose to go for the "Alternative solution":
"still use PhoneNumber as input parameter and return error 403 (INVALID_TOKEN_CONTEXT) if it is not equal with the value from the access token"
It is easier for the Developer to understand the flow in my opinion.
Problem description: CAMARA Guidelines define to get the phone number from the access token: https://github.com/camaraproject/Commonalities/blob/main/documentation/API-design-guidelines.md#appendix-a-infodescription-template-for-device-identification-from-access-token
and if anyway provided in the API invocation a check must be done.

Expected behavior: get MSISDN from the access token

Alternative solution: still use PhoneNumber as input parameter and return error 403 (INVALID_TOKEN_CONTEXT) if it is not equal with the value from the access token

Additional context:
https://github.com/camaraproject/Commonalities/pull/233
https://github.com/camaraproject/SimSwap/issues/117
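
The check proposed in this issue, sketched as an added example that is not part of the original issue or of any CAMARA implementation. Assumptions: the token's number is read from a `phone_number` claim, numbers are E.164 strings, and `INVALID_ARGUMENT` and `EXAMPLE_NO_TOKEN_IDENTITY` are illustrative codes for cases the issue does not cover; only 403 `INVALID_TOKEN_CONTEXT` comes from the issue text.

```python
import re
from typing import Mapping, Optional, Tuple

# Assumption: phone numbers are E.164 strings with a leading "+".
E164 = re.compile(r"^\+[1-9][0-9]{4,14}$")

# Assumption: the claim carrying the subscriber's number; the real claim
# name depends on the authorization server that issued the token.
TOKEN_PHONE_CLAIM = "phone_number"

Result = Tuple[int, Optional[str], Optional[str]]  # (status, error code, number)


def resolve_phone_number(claims: Mapping, body: Mapping) -> Result:
    """Decide which number the API call acts on.

    `claims` must come from an access token whose signature, issuer,
    audience and expiry have already been validated.
    """
    token_phone = claims.get(TOKEN_PHONE_CLAIM)
    body_phone = body.get("phoneNumber")

    # Reject malformed input before comparing, so that a mismatch always
    # means "a different subscriber" and never "a different spelling".
    if body_phone is not None:
        if not isinstance(body_phone, str) or not E164.match(body_phone):
            return 400, "INVALID_ARGUMENT", None  # illustrative code

    # Tokens not bound to a number are outside this issue; rejected here
    # with a hypothetical placeholder code.
    if not isinstance(token_phone, str) or not E164.match(token_phone):
        return 422, "EXAMPLE_NO_TOKEN_IDENTITY", None

    # "Expected behavior": no number in the request, take it from the token.
    if body_phone is None:
        return 200, None, token_phone

    # "Alternative solution": a supplied number must equal the token's,
    # otherwise the caller is asking about someone else's subscription.
    if body_phone != token_phone:
        return 403, "INVALID_TOKEN_CONTEXT", None

    return 200, None, token_phone


# Constructed sample values, not real subscribers.
SAMPLE_CLAIMS = {"sub": "example-subject", "phone_number": "+34600000001"}
```

The number returned on success is always the one bound to the token, so the rest of the request handler never acts on a caller-supplied identifier.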