Closed wrygiel closed 1 year ago
We started development for the dashboard ewp node and we are also facing issues regarding this missing query parameter. omobility_id is not enough to uniquely identify an imobility. Hosts with multiple heis can have omobilities with the same omobility_id and different sending_hei_id for the same receiving_hei_id. When we request an immobility with only omobility_id and receiving_hei_id we can have two matches.
Can the sending_hei_id query param be added to the immobility and immobility cnr endpoints?
This will not be needed when we introduce the planned change - one HEI per manifest with the uniqe URL for API and unique key/certificate.
What is the timeframe for the implementation of this change?
As shared in the e-mail to developers.
This problem disappeared with Discovery 6.0.0.
Thank you. IMHO this should be specified in the document anyway, because it's unclear where the sending_hei_id
to disambiguate omobility_id
identifiers should come from.
Isn't this enough?
It's clear what the calling HEI is for all EWP APIs.
Honestly, it could be clearer. But it may just be me not being very bright. :-)
The specs are spread in so many different repos, and even after reading this other link on another repo I'm not entirely sure where the remote HEI id comes from. I need to check the Discovery specs, which I also did, and then the specs of the individual authentication methods, and then… Something to help the inexperienced navigate the specifications would be more than welcome.
You may find this helpful: https://esci-sd.atlassian.net/wiki/spaces/ITSC/pages/111706138/EWP+in+GitHub
Thank you! It did help. After some research, at https://github.com/erasmus-without-paper/ewp-specs-api-registry I found this that should be the answer:
Question 2: I have received a HTTPS request signed by a client certificate cert. Data of which HEIs is this client privileged to access?
Determine the certificate's SHA-256 fingerprint first (e.g. DigestUtils.sha256Hex(cert.getEncoded()) if you're using Java). Then, you can use an XPath expression similar to this one:
//r:client-credentials-in-use/r:certificate[@sha-256="<your-digest>"]/../../r:institutions-covered/r:hei-id
[…]
Question 4: I have received a request signed with HTTP Signature with keyId equal to X. I have already validated the signature (as described in question 3), so I know that the sender is in possession of the private part of the key-pair. How do I retrieve the list of HEIs who's data is this client privileged to access?
You can use an XPath expression similar to this one:
//r:client-credentials-in-use/r:rsa-public-key[@sha-256="X"]/../../r:institutions-covered/r:hei-id
(I leave it here in case others in the future struggle to find this piece of information.)
Reported by Polish developers. The following endpoints are probably missing a
sending_hei_id
request parameter:get
endpoint of Incoming Mobilities API,get
endpoint of Incoming Mobility ToRs API.