
xs2a's Introduction

XS2A Core: A reference Java implementation of NextGenPSD2 XS2A Interface of Berlin Group

This is adorsys XS2A Core: a fully PSD2 compliant XS2A interface, supporting every mandatory and the majority of optional PSD2 XS2A flows. It can be connected to any banking middleware or core banking system. XS2A Core is the only open source (AGPL v.3) implementation of the NextGenPSD2 initiative fully supporting Berlin Group's specification for XS2A Interoperability Framework and its APIs. It is also the most secure solution in the market. The software in this repository is for try-out only. It is delivered as-is and comes without any warranty, to the extent permitted by applicable law.

Caveat: This repository is not the latest version of XS2A Core as it runs with our enterprise clients. Do not use it in production environments! This public repository will only be updated every 6 months or so. It may contain security-related issues that are already fixed for our customers but have not yet made it to the public repository.

Enterprise Version: There is an enterprise version of XS2A Core that we proudly manage, adapt, extend, improve and operate for our enterprise clients, mostly European banks and open banking aggregators.

Partnerships: If you are an organization that would like to commercially use our solutions beyond AGPL v3 requirements, please get in contact. We already have partners that use XS2A Core as a foundation for their own offerings.

Upcoming Regulation: If you are interested in this project's further developments in the context of Berlin Group, Open Banking UK, PSD3, PSR, DORA and FIDA, please get in contact.

For any inquiries please write to [email protected].

Some Background

With PSD2 Directive (EU) 2015/2366 the European Union has forced the Banking Market to open the Banking Services to Third Party Service Providers (TPP), given they act on behalf of the Payment Service Users (PSU).

The Berlin Group is a pan-European payments interoperability standards and harmonization initiative. Based on the PSD2 and EBA RTS requirements, Berlin Group NextGenPSD2 has worked on a detailed 'Access to Account (XS2A) Framework' with a data model (at conceptual, logical and physical data levels) and associated messaging.

We at adorsys are IT and information architects. For more than 15 years now we have been building, securing and operating platforms for our customers in highly regulated industries, in particular finance. We are experts in open finance and have been active in this domain from the very beginning.

Quick facts about this XS2A Service

  • Latest supported version: NextGenPSD2 XS2A Implementation Guidelines 1.3.11 and OpenAPI .yaml file 1.3.11_2021-09-24.
    You can check out our Swagger API yaml file.
  • All mandatory API endpoints defined in Berlin Group specification are IMPLEMENTED.
  • Comes with pluggable Consent Management System to store and manage consents given by PSU to corresponding TPPs.
  • ASPSP-Profile module allows you to configure ASPSP-specific configuration for XS2A-features, for example used SCA approaches, payment products, consent types etc.
  • Proven NISP-compliant implementation.

Project documentation

The project documentation is built automatically and kept current. It includes:

  • Architecture documentation
  • Use-cases diagrams
  • Developer guides
  • Release policy
  • Roadmap
  • Release notes

Getting Started

  • For the try-out version you can build the sources on your local machine. To do so, download or check out the relevant branch (the branch name is the release name) and build it.
  • If you want to play with the framework in an isolated environment, check out the Modelbank Repository.
  • To learn how to write a connector to your banking system, see our XS2A Connector Examples repository and the SPI Developer Guide.
  • These instructions will help you to get a copy of the project up and running on your local machine for development and testing purposes.

Development and contributing

Please read CONTRIBUTING for details on our code of conduct, and the process for submitting pull requests to us. The list of contributors can be found here.

Contact

For commercial support please contact [email protected].

License

This project is licensed under Affero GNU General Public License v.3 (AGPL v.3). See the LICENSE file for details. For alternative individual licensing options please contact us at [email protected].

xs2a's People

Contributors

adorsysaki, adriana1963, andriimurashkin, atamanroman, clovisgakam, dashkok, dg0lden, dmiex, dmitrymishchuk, dmytrostorozhyk, dominikseitz, elroman, francis-pouatcha, guymoyo, hryhoriihevorkian, ip888, ivaniuminov, jatiim, jfractalus, jmederer, keilw, markramercado, maypolikarpova, n0rdy, ndsaid, olgalevandovska, panthro, seregy, spetrychenko, wandi34


xs2a's Issues

scaOauth link for AIS Consent

In the NextGenPSD2 XS2A Framework Implementation Guidelines (Version 1.3.8), 6.3.1 Account Information Consent Request, the Response section contains a _links attribute.
In case of the Oauth2 method, the scaOauth link should be returned.

"scaOAuth": In case of an OAuth2 based Redirect Approach, the ASPSP is transmitting the link where the configuration of the OAuth2 Server is defined. The configuration follows the OAuth 2.0 Authorisation Server Metadata specification.

The "scaOauth" link is mentioned in the de.adorsys.psd2.xs2a.domain.Links class but not used in the project. Are you planning to fix this issue soon?

XS2A version(s):

  • 1.3.8

CMS PSU-API: GET with Redirect-ID fails on Common-Payment

Place where bug appeared

  • de.adorsys.psd2.consent.service.psu.CmsPsuPisServiceInternal.buildCmsPaymentResponse
  • de.adorsys.psd2.consent.service.psu.CmsPsuPisServiceInternal.buildCmsPaymentResponseForCancellation

Current behavior

  • When GET on /psu-api/v1/payment/redirect/{redirect-id} or /psu-api/v1/payment/cancellation/redirect/{redirect-id} is executed with a common payment (pain-payment), the mapping fails with IndexOutOfBoundsException in de.adorsys.psd2.consent.service.mapper.CmsPsuPisMapper.mapToCmsPayment because CmsPsuPisServiceInternal calls the mapper with an empty list.

Expected behavior

  • IndexOutOfBoundsException should be avoided, and the common payment should be mapped correctly

Steps to reproduce

  • initiate common payment with redirect approach
  • call /psu-api/v1/payment/redirect/{redirect-id} or /psu-api/v1/payment/cancellation/redirect/{redirect-id} with generated redirect-id

SCA approach

  • [x] Redirect
  • Embedded
  • Decoupled

XS2A version(s):

  • 3.1

Why is the groupId "aspsp" and not "xs2a" or similar?

The other issues before were answered, so putting the remaining question into a new one.

Why was the groupId
de.adorsys.aspsp
used for this repository, while others like multibanking or smartanalytics use
de.adorsys.multibanking and de.adorsys.smartanalytics?

The keywords for the repository are "xs2a", "xs2a-interface" or "psd2", so why was just a particular actor within the Berlin Group XS2A definition "ASPSP" selected as the groupId instead of "XS2A" or "PSD2"?

Logging of RequestId/InternalRequestId via slf4j MDC

Current behavior

  • Currently, the request-id and in-request-id are logged explicitly. So when we are logging in custom spi implementation, every logging message must be extended with InR-ID: [{}], X-Request-ID: [{}] or else when we use MDC the information is logged twice for adorsys classes

Expected behavior

  • When MDC is used, the logging format can be changed easily and every logging message has the information for InR-ID and X-Request-ID. It would also be nice if the request-ids were propagated to the cms/profile service so that the log messages can be correlated.

Maybe an issue for your backlog?
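
One way to implement the MDC-based logging and ID propagation requested in the issue above, as an added example that is not XS2A project code. The MDC key names, the X-Internal-Request-ID header and the class names are assumptions, and it assumes Spring Web (javax.servlet) and SLF4J on the classpath.

```java
import java.io.IOException;
import java.util.UUID;
import java.util.regex.Pattern;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;
import org.springframework.http.HttpRequest;
import org.springframework.http.client.ClientHttpRequestExecution;
import org.springframework.http.client.ClientHttpRequestInterceptor;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.web.filter.OncePerRequestFilter;

/**
 * Added example, not XS2A project code. Puts both request IDs into the SLF4J MDC once per
 * request, so every log line (including lines from custom SPI code) carries them without
 * repeating "InR-ID: [{}], X-Request-ID: [{}]" in each message.
 *
 * Matching Logback pattern (IDs come from the MDC, not from the message text):
 *   [%-5level][%d{HH:mm:ss.SSS}] InR-ID: [%X{internalRequestId}], X-Request-ID: [%X{xRequestId}] - %logger: %msg%n
 */
public class RequestIdMdcFilter extends OncePerRequestFilter {

    private static final Logger log = LoggerFactory.getLogger(RequestIdMdcFilter.class);

    static final String X_REQUEST_ID_HEADER = "X-Request-ID";
    static final String INTERNAL_ID_HEADER = "X-Internal-Request-ID"; // hypothetical header name
    static final String MDC_X_REQUEST_ID = "xRequestId";              // assumed MDC key
    static final String MDC_INTERNAL_REQUEST_ID = "internalRequestId"; // assumed MDC key

    // X-Request-ID is chosen by the caller. Only UUID-shaped values may reach the log,
    // so CR/LF or forged "TPP ID: [...]" fragments cannot be injected through it.
    private static final Pattern UUID_SHAPE = Pattern.compile(
            "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}");

    // true only on internal services (CMS, profile) that are reachable solely from XS2A;
    // on the TPP-facing edge the internal ID must always be generated locally.
    private final boolean trustInboundInternalId;

    public RequestIdMdcFilter(boolean trustInboundInternalId) {
        this.trustInboundInternalId = trustInboundInternalId;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        String xRequestId = request.getHeader(X_REQUEST_ID_HEADER);
        String inboundInternalId = request.getHeader(INTERNAL_ID_HEADER);
        boolean xRequestIdValid = isUuid(xRequestId);
        String internalId = trustInboundInternalId && isUuid(inboundInternalId)
                ? inboundInternalId
                : UUID.randomUUID().toString();
        try {
            MDC.put(MDC_INTERNAL_REQUEST_ID, internalId);
            if (xRequestIdValid) {
                MDC.put(MDC_X_REQUEST_ID, xRequestId);
            } else {
                log.warn("X-Request-ID header missing or not a UUID; value not logged");
            }
            chain.doFilter(request, response);
        } finally {
            // Worker threads are pooled: without this, IDs leak into the next request's logs.
            MDC.remove(MDC_X_REQUEST_ID);
            MDC.remove(MDC_INTERNAL_REQUEST_ID);
        }
    }

    static boolean isUuid(String value) {
        return value != null && UUID_SHAPE.matcher(value).matches();
    }

    /** Register on the RestTemplate used for CMS/profile calls so their logs can be correlated. */
    public static class PropagatingInterceptor implements ClientHttpRequestInterceptor {
        @Override
        public ClientHttpResponse intercept(HttpRequest request, byte[] body,
                                            ClientHttpRequestExecution execution) throws IOException {
            copyFromMdc(MDC_X_REQUEST_ID, X_REQUEST_ID_HEADER, request);
            copyFromMdc(MDC_INTERNAL_REQUEST_ID, INTERNAL_ID_HEADER, request);
            return execution.execute(request, body);
        }

        private static void copyFromMdc(String mdcKey, String header, HttpRequest request) {
            String value = MDC.get(mdcKey);
            if (value != null) {
                request.getHeaders().set(header, value);
            }
        }
    }
}
```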

Make Travis badge visible in README

The repository contains a travis.yml file.
Would it be possible to make the result of the associated CI instance visible on the README page?

Ability to use OAuth2 consent authorization approach

Place where bug appeared

  • Endpoint: /v1/consents/{consentId}/authorisations
  • Component: de.adorsys.psd2.xs2a.service.authorization.ais.OauthAisAuthorizationService

Current behavior

  • de.adorsys.psd2.xs2a.service.authorization.ais.OauthAisAuthorizationService the bean which has no implementation

Expected behavior

  • Seems like it should be an SPI

Steps to reproduce

  • aspsp configuration yaml:
    • scaApproaches: OAUTH
    • scaRedirectFlow: OAUTH
  • Create consent:
    • POST /v1/consents/
  • Start authorization for created consent
    • POST /v1/consents/{consentId}/authorisations

SCA approach

  • OAUTH

Request / Response example

Request POST /v1/consents/

{
  "access": {
    "availableAccounts": "allAccounts"
  },
  "combinedServiceIndicator": false,
  "frequencyPerDay": 5,
  "recurringIndicator": true,
  "validUntil": "9999-10-10"
}

Response

{
    "consentStatus": "received",
    "consentId": "fake-consent-0",
    "_links": {
        "self": {
            "href": "http://localhost:8091/v1/consents/fake-consent-0"
        },
        "status": {
            "href": "http://localhost:8091/v1/consents/fake-consent-0/status"
        }
    },
    "psuMessage": "OTP Password required"
}

Request POST /v1/consents/fake-consent-0/authorisations

{
    "tppMessages": [
        {
            "category": "ERROR",
            "code": "CONSENT_UNKNOWN",
            "text": "Please provide correct consentId."
        }
    ]
}

XS2A version(s):

  • 3.5

Log files or other additional info

[DEBUG][13:04:27.589] - org.springframework.security.web.access.intercept.FilterSecurityInterceptor: Previously Authenticated: org.springframework.security.oauth2.provider.OAuth2Authentication@81c57778: Principal: AuthenticatedPrincipal(token=0a3bcd4d-90e9-49ec-8f0d-0f84e7fc9ac4, tokenTtl=600, pwi=user); Credentials: [PROTECTED]; Authenticated: true; Details: remoteAddress=0:0:0:0:0:0:0:1, sessionId=, tokenType=BearertokenValue=; Granted Authorities: ROLE_USER
[DEBUG][13:04:27.590] - org.springframework.security.access.vote.AffirmativeBased: Voter: org.springframework.security.web.access.expression.WebExpressionVoter@3a085c5b, returned: 1
[DEBUG][13:04:27.590] - org.springframework.security.web.access.intercept.FilterSecurityInterceptor: Authorization successful
[DEBUG][13:04:27.590] - org.springframework.security.web.access.intercept.FilterSecurityInterceptor: RunAsManager did not change Authentication object
[DEBUG][13:04:27.590] - org.springframework.security.web.FilterChainProxy: /v1/consents/fake-consent-0/authorisations reached end of additional filter chain; proceeding with original chain
[INFO ][13:04:29.253] - access-log: REQUEST - TPP ID: [PSDDE-FAKENCA-87B2AC], TPP IP: [0:0:0:0:0:0:0:1], X-Request-ID: [2f77a125-aa7a-45c0-b414-cea25a116035], URI: [/v1/consents/fake-consent-0/authorisations], Consent ID: [fake-consent-0]
[DEBUG][13:04:29.292] - org.springframework.security.oauth2.provider.error.DefaultOAuth2ExceptionRenderer: Written [error="invalid_token", error_description="Invalid access token: 6443f0ef-9d26-4b5a-bdae-0c67817fad6a"] as "application/json;charset=UTF-8" using [org.springframework.http.converter.json.MappingJackson2HttpMessageConverter@1ff9fe46]
[DEBUG][13:04:29.292] - org.springframework.security.web.context.SecurityContextPersistenceFilter: SecurityContextHolder now cleared, as request processing completed
[INFO ][13:04:34.699] - de.adorsys.psd2.xs2a.service.event.Xs2aEventService: X-REQUEST-ID: [2f77a125-aa7a-45c0-b414-cea25a116035], TPP ID: [PSDDE-FAKENCA-87B2AC]. Couldn't record event from TPP request: Event(timestamp=2019-07-12T13:04:34.699072+03:00, consentId=fake-consent-0, paymentId=null, eventOrigin=TPP, eventType=START_AIS_CONSENT_AUTHORISATION_REQUEST_RECEIVED, instanceId=null, psuIdData=PsuIdData(psuId=aspsp, psuIdType=null, psuCorporateId=null, psuCorporateIdType=null), tppAuthorisationNumber=PSDDE-FAKENCA-87B2AC, xRequestId=2f77a125-aa7a-45c0-b414-cea25a116035, payload=RequestEventPayload(tppInfo=TppInfo(authorisationNumber=PSDDE-FAKENCA-87B2AC, tppName=, tppRoles=[AISP, PISP, PIISP], authorityId=DE-FAKENCA, authorityName=Trust Service Provider AG, country=Germany, organisation=Fictional Corporation AG, organisationUnit=Information Technology, city=Nuremberg, state=Bayern, tppRedirectUri=null, issuerCN=null), tppIp=0:0:0:0:0:0:0:1, uri=/v1/consents/fake-consent-0/authorisations, headers={x-request-id=2f77a125-aa7a-45c0-b414-cea25a116035, content-length=0, cookie=SESSION=OWI2OWI2NjUtMGY0My00OGViLTk1ZDgtYjNkNWZiOTQ0ZjI1, postman-token=01c627f3-0296-41ec-86db-7187bbf79032, accept=application/json, authorization=Bearer 02f51b86-2737-48e4-9585-697114ccae9b, tpp-qwac-certificate=-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----, host=localhost:8091, content-type=application/json, connection=keep-alive, cache-control=no-cache, accept-encoding=gzip, deflate, psu-id=aspsp, user-agent=PostmanRuntime/7.13.0}, body=null))
[DEBUG][13:06:37.400] - org.springframework.security.web.header.writers.HstsHeaderWriter: Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@7c155021
[INFO ][13:06:37.420] - access-log: RESPONSE - TPP ID: [PSDDE-FAKENCA-87B2AC], X-Request-ID: [2f77a125-aa7a-45c0-b414-cea25a116035], Status: [403]
[DEBUG][13:06:37.421] - org.springframework.security.web.access.ExceptionTranslationFilter: Chain processed normally
[DEBUG][13:06:37.421] - org.springframework.security.web.context.SecurityContextPersistenceFilter: SecurityContextHolder now cleared, as request processing completed

OAUTH SCA approach set in ASPSP-profile seems to be ignored

Field in question

scaRedirectFlow=OAUTH
Does not seem to function properly

Place where bug appeared

  • Endpoint or Component or Class

Current behavior

When using the following ASPSP profile

{
  "ais": {
    "consentTypes": {
      "bankOfferedConsentSupported": true,
      "globalConsentSupported": true,
      "availableAccountsConsentSupported": true,
      "accountAccessFrequencyPerDay": 100,
      "notConfirmedConsentExpirationTimeMs": 86400000,
      "maxConsentValidityDays": 0,
      "accountOwnerInformationSupported": false,
      "trustedBeneficiariesSupported": false
    },
    "redirectLinkToOnlineBanking": {
      "aisRedirectUrlToAspsp": "http://localhost:4400/account-information/login?encryptedConsentId={encrypted-consent-id}&redirectId={redirect-id}"
    },
    "transactionParameters": {
      "availableBookingStatuses": [
        "both",
        "booked",
        "pending"
      ],
      "transactionsWithoutBalancesSupported": false,
      "supportedTransactionApplicationTypes": [
        "application/json"
      ]
    },
    "deltaReportSettings": {
      "entryReferenceFromSupported": false,
      "deltaListSupported": false
    },
    "scaRequirementsForOneTimeConsents": {
      "scaByOneTimeAvailableAccountsConsentRequired": true,
      "scaByOneTimeGlobalConsentRequired": true
    }
  },
  "pis": {
    "supportedPaymentTypeAndProductMatrix": {
      "payments": [
        "sepa-credit-transfers",
        "instant-sepa-credit-transfers"
      ]
    },
    "maxTransactionValidityDays": 0,
    "notConfirmedPaymentExpirationTimeMs": 86400000,
    "paymentCancellationAuthorisationMandated": false,
    "redirectLinkToOnlineBanking": {
      "pisRedirectUrlToAspsp": "http://localhost:4400/payment-initiation/login?paymentId={encrypted-payment-id}&redirectId={redirect-id}",
      "pisPaymentCancellationRedirectUrlToAspsp": "http://localhost:4400/payment-cancellation/login?paymentId={encrypted-payment-id}&redirectId={redirect-id}",
      "paymentCancellationRedirectUrlExpirationTimeMs": 600000
    },
    "countryValidationSupported": "DE",
    "supportedTransactionStatusFormats": [
      "application/json"
    ]
  },
  "piis": {
    "piisConsentSupported": "NOT_SUPPORTED"
  },
  "common": {
    "scaRedirectFlow": "OAUTH",
    "oauthConfigurationUrl": "http://localhost:20015/oauth/authorization-server",
    "startAuthorisationMode": "AUTO",
    "tppSignatureRequired": false,
    "psuInInitialRequestMandated": false,
    "redirectUrlExpirationTimeMs": 600000,
    "authorisationExpirationTimeMs": 86400000,
    "forceXs2aBaseLinksUrl": false,
    "xs2aBaseLinksUrl": "http://myhost.com/",
    "supportedAccountReferenceFields": [
      "IBAN"
    ],
    "multicurrencyAccountLevelSupported": "SUBACCOUNT",
    "aisPisSessionsSupported": false,
    "signingBasketSupported": false,
    "checkTppRolesFromCertificateSupported": true,
    "aspspNotificationsSupported": [
      "NONE"
    ],
    "authorisationConfirmationRequestMandated": false,
    "authorisationConfirmationCheckByXs2a": false,
    "checkUriComplianceToDomainSupported": false,
    "tppUriComplianceResponse": "WARNING"
  }
}

and calling POST /v1/consents of xs2a, scaOAuth URL is wrong - it is http://localhost:20015/oauth/authorization-server

Expected behavior

When calling POST /v1/consents of xs2a, scaOAuth URL should be like - http://localhost:20015/oauth/authorization-server?consentId=Js7WlzPxLwcAH-zLnlcEgSWEJxhZpUfEmhTXGHENk_pyT7hcwKMcr-oyrvEPRiMyfVD9C7aDmHXy2Bg8xOSursz9MpaJIQIH3NJX8IHgetw=_=_psGLvQpt9Q&redirectId=d64994fb-50df-42cc-a847-b42042276f94

Steps to reproduce

Enable ASPSP profile to use OAUTH
Ensure OAUTH is in supported SCA

Note, that when using X-OAUTH-PREFERRED header scaOAuth is correct

SCA approach

  • Redirect
  • Embedded
  • Decoupled
  • Oauth

XS2A version(s):

  • 7.4.1
    The same seems to happen on develop too

Log files or other additional info

Feel free to provide more info about your problem

According to
https://github.com/adorsys/xs2a/blob/58cba89ad0735f436dc46e8a9b11da9d5cf7ac3d/doc/XS2A.%20Details%20of%20realisation/Strong%20customer%20authentication.adoc#support-pre-step-and-integrated-oauth-modes
This is valid setup

Is the mix between UPPERCASE and CamelCase naming deliberate or accidental?

When syncing the latest codebase from upstream I noticed e.g. one class de.adorsys.aspsp.xs2a.service.AISConsentService vs. de.adorsys.aspsp.xs2a.service.consent.ais.AisConsentService.

I know because I help Oracle and others in the JCP and more recently Eclipse/Jakarta EE, that acronyms are not always easy to decide, but especially Oracle tends to prefer CamelCase for most acronyms like HTTP.
Take https://docs.oracle.com/javase/10/docs/api/javax/xml/ws/http/HTTPBinding.html (as of Java 1.6) vs.
https://docs.oracle.com/javase/10/docs/api/javax/xml/ws/spi/http/HttpHandler.html (which came with Java 7 about a year after the Oracle acquisition of Sun) as an example.

Not sure if there's a common system and convention for different developers how to treat acronyms like AIS, PIS, ASPSP, TPP, etc.?
In another case there's also a de.adorsys.aspsp.xs2a.component.JsonConverter rather than a JSONConverter, so it would be great to be consistent within the solution.

Embedded SCA Support

11d. Berlin Group openFinance API Framework - Core-PSD2 Compliance V2 Suite - Consent API 20231005.pdf
"NOTE: The embedded SCA Approach where all PSU credentials are transported via the API is very specific."

Indeed. Making "very specific" stuff a part of a general purpose API was a HUGE mistake.

Although I would love to use Adorsys' xs2a software for embedded SCA, Berlin Group's take on the matter makes it easier to start from scratch. Here is the overarching plan: https://cyberphone.github.io/doc/research/revised-open-banking-architecture.pdf

It is obviously missing one thing: there must be a way for application services to reuse the bank's login in order to permit self-initiation of payment credentials. I don't think PIISP is this.

Run an ASPSP-Profile: Unable to find a suitable main class, please add a 'mainClass' property ->

Hi,
I have a problem when I run:

Run an ASPSP-Profile:
$ cd aspsp-profile
$ mvn spring-boot:run

with this result:

[INFO] Scanning for projects...
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO]
[INFO] aspsp-profile
[INFO] aspsp-profile-api
[INFO] aspsp-profile-lib
[INFO] aspsp-profile-server
[INFO] aspsp-profile-remote
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building aspsp-profile 1.9
[INFO] ------------------------------------------------------------------------
[INFO]
[INFO] >>> spring-boot-maven-plugin:1.5.16.RELEASE:run (default-cli) > test-comp
ile @ aspsp-profile >>>
[INFO]
[INFO] <<< spring-boot-maven-plugin:1.5.16.RELEASE:run (default-cli) < test-comp
ile @ aspsp-profile <<<
[INFO]
[INFO]
[INFO] --- spring-boot-maven-plugin:1.5.16.RELEASE:run (default-cli) @ aspsp-pro
file ---
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] aspsp-profile ...................................... FAILURE [ 6.767 s]
[INFO] aspsp-profile-api .................................. SKIPPED
[INFO] aspsp-profile-lib .................................. SKIPPED
[INFO] aspsp-profile-server ............................... SKIPPED
[INFO] aspsp-profile-remote ............................... SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 10.405 s
[INFO] Finished at: 2018-10-21T21:50:27+02:00
[INFO] Final Memory: 22M/169M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.springframework.boot:spring-boot-maven-plugin
:1.5.16.RELEASE:run (default-cli) on project aspsp-profile: Unable to find a sui
table main class, please add a 'mainClass' property -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e swit
ch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please rea
d the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionE
xception

when a new AIS consent is confirmed with confirmation code the old AIS consent is not being expired.

Place where bug appeared

updateConsentStatus(consentId, confirmationCodeValidationResponse.getConsentStatus());

Current behavior

old AIS consents stay in consent management system and are not being expired.

Expected behavior

old AIS consents for the same TPP and PSU should be expired.

If no confirmation code is being used it works fine by calling

public boolean confirmConsent(@NotNull String consentId, @NotNull String instanceId) throws WrongChecksumException {

Steps to reproduce

  • create and authorise an AIS consent with redirect flow and confirmation code enabled.
  • create and authorise a second AIS consent with redirect flow and confirmation code enabled for same TPP and same PSU.
  • check status of all AIS consents for the given TPP and PSU.

SCA approach

  • [x] Redirect with confirmation code enabled
  • Embedded
  • Decoupled

XS2A version(s):

  • 9.5

Log files or other additional info

bulk-payments batchBookingPreferred is not persisted

Place where bug appeared

  • de.adorsys.psd2.consent.domain.payment.PisPaymentData

Current behavior

  • In case of Bulk-Payments, the boolean flag "batchBookingPreferred" is not persisted, with GET you will always get batchBookingPreferred=false

Expected behavior

  • Should be boolean value from bulk-payments initiation, and it should be persisted

Steps to reproduce

  • Initiate Bulk-Payment with batchBookingPreferred=true
  • Request the created Payment and you get always batchBookingPreferred=false

XS2A version(s):

  • 3.1

Servlet API dependency mismatch between Spring and xs2a-server-api

While all the other services run locally without problem (as per GETTING_STARTED), running spi-mock fails:

  .   ____          _            __ _ _
/\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
\\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
=========|_|==============|___/=/_/_/_/
:: Spring Boot ::       (v1.5.18.RELEASE)

[INFO ][16:28:28.251] - de.adorsys.aspsp.xs2a.spi.ASPSPXs2aApplication: Starting ASPSPXs2aApplication on M1D-WNB-00013 with PID 8880 (C:\Dev\git\xs2a\spi-mock\target\classes started by cs98547 in C:\Dev\git\xs2a\spi-mock)
[DEBUG][16:28:28.251] - de.adorsys.aspsp.xs2a.spi.ASPSPXs2aApplication: Running with Spring Boot v1.5.18.RELEASE, Spring v4.3.21.RELEASE
[INFO ][16:28:28.251] - de.adorsys.aspsp.xs2a.spi.ASPSPXs2aApplication: The following profiles are active: mockspi
[DEBUG][16:28:29.454] - org.jboss.logging: Logging Provider: org.jboss.logging.Slf4jLoggerProvider found via system property
[INFO ][16:28:33.423] - org.apache.coyote.http11.Http11NioProtocol: Initializing ProtocolHandler ["http-nio-8080"]
[INFO ][16:28:33.436] - org.apache.catalina.core.StandardService: Starting service [Tomcat]
[INFO ][16:28:33.437] - org.apache.catalina.core.StandardEngine: Starting Servlet Engine: Apache Tomcat/8.5.35
[ERROR][16:28:33.687] - org.apache.catalina.core.ContainerBase: A child container failed during start
java.util.concurrent.ExecutionException: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Tomcat].StandardHost[localhost].TomcatEmbeddedContext[]]
       at java.util.concurrent.FutureTask.report(FutureTask.java:122)
       at java.util.concurrent.FutureTask.get(FutureTask.java:192)
       at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:942)
       at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:872)
       at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
       at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1423)
       at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1413)
       at java.util.concurrent.FutureTask.run(FutureTask.java:266)
       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
       at java.lang.Thread.run(Thread.java:748)
Caused by: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Tomcat].StandardHost[localhost].TomcatEmbeddedContext[]]
       at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167)
       ... 6 common frames omitted
Caused by: org.apache.catalina.LifecycleException: Failed to start component [Pipeline[StandardEngine[Tomcat].StandardHost[localhost].TomcatEmbeddedContext[]]]
       at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167)
       at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5166)
       at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
       ... 6 common frames omitted
Caused by: org.apache.catalina.LifecycleException: Failed to start component [org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve[]]
       at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167)
       at org.apache.catalina.core.StandardPipeline.startInternal(StandardPipeline.java:182)
       at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
       ... 8 common frames omitted
Caused by: java.lang.NoSuchMethodError: javax.servlet.ServletContext.getVirtualServerName()Ljava/lang/String;
       at org.apache.catalina.authenticator.AuthenticatorBase.startInternal(AuthenticatorBase.java:1181)
       at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
       ... 10 common frames omitted
[ERROR][16:28:33.689] - org.apache.catalina.core.ContainerBase: A child container failed during start
java.util.concurrent.ExecutionException: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Tomcat].StandardHost[localhost]]
       at java.util.concurrent.FutureTask.report(FutureTask.java:122)
       at java.util.concurrent.FutureTask.get(FutureTask.java:192)
       at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:942)
       at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:262)
       at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
       at org.apache.catalina.core.StandardService.startInternal(StandardService.java:422)
       at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
       at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:793)
       at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
       at org.apache.catalina.startup.Tomcat.start(Tomcat.java:366)
       at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.initialize(TomcatEmbeddedServletContainer.java:114)
       at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.<init>(TomcatEmbeddedServletContainer.java:87)
       at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory.getTomcatEmbeddedServletContainer(TomcatEmbeddedServletContainerFactory.java:554)
       at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory.getEmbeddedServletContainer(TomcatEmbeddedServletContainerFactory.java:179)
       at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.createEmbeddedServletContainer(EmbeddedWebApplicationContext.java:166)
       at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.onRefresh(EmbeddedWebApplicationContext.java:136)
       at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:537)
       at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:124)
       at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:693)
       at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:360)
       at org.springframework.boot.SpringApplication.run(SpringApplication.java:303)
       at org.springframework.boot.SpringApplication.run(SpringApplication.java:1118)
       at org.springframework.boot.SpringApplication.run(SpringApplication.java:1107)
       at de.adorsys.aspsp.xs2a.spi.ASPSPXs2aApplication.main(ASPSPXs2aApplication.java:30)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
       at java.lang.reflect.Method.invoke(Method.java:498)
       at org.springframework.boot.maven.AbstractRunMojo$LaunchRunner.run(AbstractRunMojo.java:528)
       at java.lang.Thread.run(Thread.java:748)
Caused by: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Tomcat].StandardHost[localhost]]
       at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167)
       at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1423)
       at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1413)
       at java.util.concurrent.FutureTask.run(FutureTask.java:266)
       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
       ... 1 common frames omitted
Caused by: org.apache.catalina.LifecycleException: A child container failed during start
       at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:953)
       at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:872)
       at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
       ... 6 common frames omitted
Caused by: java.util.concurrent.ExecutionException: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Tomcat].StandardHost[localhost].TomcatEmbeddedContext[]]
       at java.util.concurrent.FutureTask.report(FutureTask.java:122)
       at java.util.concurrent.FutureTask.get(FutureTask.java:192)
       at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:942)
       ... 8 common frames omitted
Caused by: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Tomcat].StandardHost[localhost].TomcatEmbeddedContext[]]
       at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167)
       ... 6 common frames omitted
Caused by: org.apache.catalina.LifecycleException: Failed to start component [Pipeline[StandardEngine[Tomcat].StandardHost[localhost].TomcatEmbeddedContext[]]]
       at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167)
       at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5166)
       at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
       ... 6 common frames omitted
Caused by: org.apache.catalina.LifecycleException: Failed to start component [org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve[]]
       at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167)
       at org.apache.catalina.core.StandardPipeline.startInternal(StandardPipeline.java:182)
       at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
       ... 8 common frames omitted
Caused by: java.lang.NoSuchMethodError: javax.servlet.ServletContext.getVirtualServerName()Ljava/lang/String;
       at org.apache.catalina.authenticator.AuthenticatorBase.startInternal(AuthenticatorBase.java:1181)
       at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
       ... 10 common frames omitted
[INFO ][16:28:33.694] - org.apache.coyote.http11.Http11NioProtocol: Pausing ProtocolHandler ["http-nio-8080"]
[INFO ][16:28:33.695] - org.apache.catalina.core.StandardService: Stopping service [Tomcat]
[WARN ][16:28:33.701] - org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext: Exception encountered during context initialization - cancelling refresh attempt: org.springframework.context.ApplicationContextException: Unable to start embedded container; nested exception is org.springframework.boot.context.embedded.EmbeddedServletContainerException: Unable to start embedded Tomcat
[ERROR][16:28:33.719] - org.springframework.boot.diagnostics.LoggingFailureAnalysisReporter: 

***************************
APPLICATION FAILED TO START
***************************

Description:

An attempt was made to call the method javax.servlet.ServletContext.getVirtualServerName()Ljava/lang/String; but it does not exist. Its class, javax.servlet.ServletContext, is available from the following locations:

    jar:file:/C:/Dev/repository/javax/servlet/javax.servlet-api/3.0.1/javax.servlet-api-3.0.1.jar!/javax/servlet/ServletContext.class
    jar:file:/C:/Dev/repository/org/apache/tomcat/embed/tomcat-embed-core/8.5.35/tomcat-embed-core-8.5.35.jar!/javax/servlet/ServletContext.class

It was loaded from the following location:

    file:/C:/Dev/repository/javax/servlet/javax.servlet-api/3.0.1/javax.servlet-api-3.0.1.jar


Action:

Correct the classpath of your application so that it contains a single, compatible version of javax.servlet.ServletContext

javax.servlet-api-3.0.1 is defined as a dependency through xs2a-server-api, but apparently a recent upgrade of a Spring library like Embedded Tomcat uses a higher version of Servlet API (3.1.0), so the two versions clash. Other services that don't use xs2a-server-api are not affected.

docker-compose up failed

Building xs2a-idp
Step 1/6 : FROM jboss/keycloak:3.4.3.Final
 ---> 25161819936c
Step 2/6 : USER root
 ---> Using cache
 ---> 9a203b24d277
Step 3/6 : ADD keycloak-provider-extension/keycloak-clientregistration-provider/target/keycloak-clientregistration-provider.jar /opt/jboss/keycloak/providers/keycloak-clientregistration-provider.jar
ERROR: Service 'xs2a-idp' failed to build: ADD failed: stat /var/lib/docker/tmp/docker-builder928980162/keycloak-provider-extension/keycloak-clientregistration-provider/target/keycloak-clientregistration-provider.jar: no such file or directory

Please clarify what "keycloak-provider-extension" is and how it can be added - neither with nor without DB worked for me?

TppDomainValidator assumes that tppName is a URL

Place where bug appeared

Current behavior

  • When redirect-Approach is used, the Header-Fields TPP-Redirect-URI and TPP-Nok-Redirect-URI are validated. For this, the field TppInfo.getDnsList() is extended by TppInfo.getTppName(). Now we got a certificate for one of our customers with the full Bank name e.g.: 'Foo Bank AG' in TppInfo.getTppName() from https://www.a-trust.at/. So when getTppName() is not a URL or domain name, an uncaught IllegalArgumentException is thrown by com.google.common.net.InternetDomainName.from in:
    if (InternetDomainName.from(url.getHost()).isUnderPublicSuffix()) {

Expected behavior

  • Either TppInfo.getTppName() should not be part of this Validation or the Parsing should be failsafe. An Option in AspspProfile for disabling this Validation would also be nice.

Steps to reproduce

  • Do an Initiation-Request Consent/Payment for Redirect-Approach with a Certificate resulting in TppInfo.getTppName() returning a String like 'Foo Bank AG' -> java.lang.IllegalArgumentException is thrown

SCA approach

  • Redirect
  • Embedded
  • Decoupled

XS2A version(s):

  • 3.10

Log files or other additional info

de.adorsys.psd2.xs2a.exception.GlobalExceptionHandlerController: Stacktrace: {}
java.lang.IllegalArgumentException: Not a valid domain name: 'foo bank ag'
at com.google.common.base.Preconditions.checkArgument(Preconditions.java:191)
at com.google.common.net.InternetDomainName.<init>(InternetDomainName.java:141)
at com.google.common.net.InternetDomainName.from(InternetDomainName.java:196)
at de.adorsys.psd2.xs2a.web.validator.header.TppDomainValidator.buildURL(TppDomainValidator.java:91)
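
A fail-safe version of the check described in this report, as an added example that is not XS2A code: certificate values that are not domain names (such as 'Foo Bank AG') are skipped instead of raising IllegalArgumentException, and the redirect URI is rejected when nothing matches. The class and method names are hypothetical, Guava is assumed to be on the classpath, and comparing by registrable domain is an assumption about the intended rule.

```java
import com.google.common.net.InternetDomainName;

import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;

/** Added illustration; names are hypothetical and not taken from the XS2A code base. */
public class FailSafeTppDomainCheck {

    /**
     * Returns the registrable domain (e.g. "example.com") of a URL or host name,
     * or empty when the value is not a domain at all.
     */
    static Optional<String> registrableDomain(String candidate) {
        if (candidate == null) {
            return Optional.empty();
        }
        String host = extractHost(candidate.trim());
        // isValid() returns false where from() would throw, so a company name
        // like 'Foo Bank AG' ends here without an exception.
        if (host == null || !InternetDomainName.isValid(host)) {
            return Optional.empty();
        }
        InternetDomainName name = InternetDomainName.from(host);
        // Hosts without a known public suffix (e.g. "localhost") cannot be compared safely.
        if (!name.isUnderPublicSuffix()) {
            return Optional.empty();
        }
        return Optional.of(name.topPrivateDomain().toString());
    }

    /** Accepts either a full URL or a bare host name; returns null when unparsable. */
    static String extractHost(String value) {
        if (value.isEmpty()) {
            return null;
        }
        try {
            URI uri = new URI(value.contains("://") ? value : "https://" + value);
            return uri.getHost();
        } catch (URISyntaxException e) {
            // Spaces and other illegal characters land here.
            return null;
        }
    }

    /**
     * Fails closed: the redirect URI is accepted only when its registrable domain
     * equals one derived from the certificate values. Values that are not domains
     * are ignored rather than aborting the request.
     */
    static boolean redirectUriAllowed(String redirectUri, List<String> certificateValues) {
        Optional<String> redirectDomain = registrableDomain(redirectUri);
        if (!redirectDomain.isPresent()) {
            return false;
        }
        Set<String> allowed = certificateValues.stream()
                .map(FailSafeTppDomainCheck::registrableDomain)
                .filter(Optional::isPresent)
                .map(Optional::get)
                .collect(Collectors.toSet());
        return allowed.contains(redirectDomain.get());
    }

    public static void main(String[] args) {
        // Constructed sample values: one DNS entry plus a tppName that is a company name.
        List<String> fromCertificate = Arrays.asList("tpp.example.com", "Foo Bank AG");

        System.out.println(registrableDomain("Foo Bank AG"));                                        // Optional.empty
        System.out.println(redirectUriAllowed("https://pay.tpp.example.com/ok", fromCertificate));   // true
        System.out.println(redirectUriAllowed("https://other.example.net/ok", fromCertificate));     // false
        System.out.println(redirectUriAllowed("https://pay.tpp.example.com/ok",
                Arrays.asList("Foo Bank AG")));                                                      // false
    }
}
```

Matching on the registrable domain treats every subdomain of a certificate domain as equivalent; a deployment that needs exact host matching would compare the full host names instead.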

Consider renaming the spi- modules to xs2a-

The architecture documentation states:

  • consent-api - API Domain objects for intercommunication with Consent Management System

Basically the contents of spi-api are mainly API Domain objects representing the PSD2 XS2A Interface of Berlin Group or similar. Therefore "SPI" does not make much sense. Calling it e.g. "xs2a-api" and "xs2a-mock" plus the existing "xs2a-impl" would sound more consistent.

Is it really a good idea to version the cucumber reports?

I have not fully run all Integration Tests locally, but even a quick test run of CucumberIT recreates the cucumber.json file every time. Not sure, if there is a real value of proposing PRs for that file or keeping it in Git at all?

ASPSP consent data is not decrypted in case of PIIS Consent

Setup:

  • SPI-Impl with remote connectors to aspsp-profile/cms-standalone (e.g. xs2a-connector-examples: gateway-app)
  • we use Redirect-Approach only

We want to use piisConsentSupported: TPP_CONSENT_SUPPORTED

Problem:

When the aspsp-consent-data is loaded in the FundsConfirmationSpiImpl
e.g. here
https://github.com/adorsys/xs2a-connector-examples/blob/9cd3d6f2ccb816ed4a943b79e23c22d5960c8b81/xs2a-connector/src/main/java/de/adorsys/aspsp/xs2a/connector/spi/impl/FundsConfirmationSpiImpl.java#L73-L75
the data is still encrypted and so can't get deserialized.

The root cause of this problem is in passing the unencrypted consent id to the SpiAspspConsentDataProviderImpl here:

SpiAspspConsentDataProvider aspspConsentDataProvider =
consent != null ? aspspConsentDataProviderFactory.getSpiAspspDataProviderFor(consent.getId()) : null;

When the unencrypted consent-id is sent via http to cms-standalone, cms doesn't decrypt the data due to this piece of code:

if (!securityDataService.isConsentIdEncrypted(externalId)) {
return aspspConsentDataRepository.findByConsentId(externalId)
.map(aspspConsentDataEntity -> new AspspConsentData(aspspConsentDataEntity.getData(), externalId));
}

In our setup with your xs2a-connector-examples, ledgers and XS2A-Sandbox the TPP_CONSENT_SUPPORTED doesn't work because of this bug.

POST on cancellation-authorisations immediately after payment-initiation brings NPE

Place where bug appeared

  • /v1/payments/sepa-credit-transfers/{{paymentId}}/cancellation-authorisations
  • at de.adorsys.psd2.xs2a.web.RedirectLinkBuilder.buildPaymentCancellationScaRedirectLink(RedirectLinkBuilder.java:126)

Current behavior

  • Right now when you initiate a payment and immediately after this, you make a POST on /v1/payments/sepa-credit-transfers/{{paymentId}}/cancellation-authorisations you get an "Internal Server Error"

Expected behavior

  • When this workflow is not allowed, then return a business error. When this workflow might be legal, ensure no NPE is thrown and the request returns with a valid response

Steps to reproduce

  • Initiate payment via e.g. POST on /v1/payments/sepa-credit-transfers with valid payment data
  • Start payment cancellation-authorisation via POST on /v1/payments/sepa-credit-transfers/{{paymentId}}/cancellation-authorisations with empty json-body
  • you will receive an HTTP 500

SCA approach

  • [ x ] Redirect
  • Embedded
  • Decoupled

XS2A version(s):

  • 8.0

Log files or other additional info

  • Stacktrace:
java.lang.NullPointerException: null
	at java.base/java.lang.String.replace(String.java:2158)
	at de.adorsys.psd2.xs2a.web.RedirectLinkBuilder.buildPaymentCancellationScaRedirectLink(RedirectLinkBuilder.java:126)
	at de.adorsys.psd2.xs2a.web.RedirectLinkBuilder$$FastClassBySpringCGLIB$$4872f570.invoke(<generated>)

I debugged until de.adorsys.psd2.consent.service.AuthorisationServiceInternal.createAuthorisation where authorisationParent.getInternalRequestId(authorisationType) returns null in case of cancellation because PisCommonPaymentData.cancellationInternalRequestId is not set at this time.

Maybe this might be a wrong workflow case. I don't really know, but an NPE is never good ;)
But actually when the Internal-Request-ID is filled (or in my workaround case set to empty via aspect) then the request returns a valid response

Package namespace for spi-api

Maybe this also has something to do with Spring and the way it handles different packages and beans, but I'm wondering, why the package namespace in the spi-api module is de.adorsys.aspsp.xs2a.spi.* ?

Isn't this SPI/API a manifestation of the Berlin Group definitions, that should be independent of a particular ASPSP/Bank?

aspspId not passed down to AccountSpi

Place where bug appeared

  • AccountSpi or Xs2aToSpiAccountReferenceMapper resp.

Current behavior

  • In AccountSpiImpl.requestAccountDetailForAccount() the aspspId of the SpiAccountReference is null. Only the resourceId and other fields are set.

Expected behavior

  • The aspspId should be set in the SpiAccountReference argument.

Steps to reproduce

When the TPP calls the resource /v1/accounts/{account-id} then we end up in AccountSpiImpl.requestAccountDetailForAccount(). The argument SpiAccountReference is created in the mapper Xs2aToSpiAccountReferenceMapper and then passed along to the method AccountSpiImpl.requestAccountDetailForAccount(). Unfortunately, the mapper creates the SpiAccountReference using the constructor WITHOUT the aspspId argument. Therefore this field is never set.

SCA approach

  • Redirect
  • Embedded
  • Decoupled

XS2A version(s):

  • 5.9, but it seems that it is still buggy in the version 7.4

Log files or other additional info

My understanding of the documentation is that the TPP never knows about the aspspId and the banking backend never knows about the resourceId. Therefore it should be the XS2A Server which maps a resourceId to an aspspId and the other way around. Since the framework does not pass along the aspspId from the AccountReference to the SpiAccountReference how can I get to the aspspId in the AccountSpiImpl? And if it is not supposed to be set in the SpiAccountReference, why is there even this field?

The only way I can make this work now is to set the resourceId and aspspId to the same value (the id from the backend) and use whatever field is not null. But that's probably not the idea.

BTW in the example connectors I saw that you call the ledger using the resourceId. Shouldn't you call the ledger (the banking backend) with the aspspId?

Move src/test/config/Insomnia.json to scripts/tests/insomnia or deprecate

As Postman test definitions were recently added to scripts/tests/postman the earlier location of similar Insomnia definitions under src/test/config seems redundant and inconsistent.
I'd be happy to factor them under a similar folder like scripts/tests/insomnia, unless Postman was preferred as the only REST testing tool, in that case I may also deprecate/remove them.

Updating authorisation status not working like api-doc

Place where bug appeared

  • de.adorsys.psd2.consent.web.psu.controller.CmsPsuAisController.updateAuthorisationStatus
  • de.adorsys.psd2.consent.web.psu.controller.CmsPsuPisController.updateAuthorisationStatus

Current behavior

  • ScaStatus.valueOf() is used to map the incoming String "status"; it throws IllegalArgumentException when values according to the API-Doc are used (lowercase)

Expected behavior

  • I think ScaStatus.fromValue should be used to satisfy API-Doc

Steps to reproduce

  • Call PUT /{consent-id}/authorisation/{authorisation-id}/status/finalised
  • Call PUT /{payment-id}/authorisation/{authorisation-id}/status/finalised

XS2A version(s):

  • 2.0.0

Trying to start the mock server returns an error

mvn clean install
cd aspsp-mock-server
mvn spring-boot:run

And the application fails to start with the given error

***************************
APPLICATION FAILED TO START
***************************

Description:

Parameter 0 of constructor in de.adorsys.aspsp.aspspmockserver.service.AccountService required a bean of type 'de.adorsys.aspsp.aspspmockserver.repository.AccountRepository' that could not be found.


Action:

Consider defining a bean of type 'de.adorsys.aspsp.aspspmockserver.repository.AccountRepository' in your configuration.

Missing enum value in TransactionStatus?

I have not analysed this fully, I must admit. Is it possible that we are missing the value PART in the class TransactionStatus? This class is used in CmsSinglePayment, CmsBulkPayment (as a field).

The class de.adorsys.psd2.model.TransactionStatus which is used as a field in the response Object when retrieving the status of a payment in the XS2A Api contains the value PART. The value is also in the swagger file.

SCA redirect approach with authorisation confirmation request fails if no PSU-ID http header is available in request

Place where bug appeared

https://github.com/adorsys/xs2a/blob/develop/xs2a-impl/src/main/java/de/adorsys/psd2/xs2a/web/controller/PaymentController.java#L397

Current behavior

If there is no PSU-ID header in the request the SCA status will not be updated to FINALISED even if the authorisation code is correct.

Expected behavior

If the PSU-ID was retrieved in the aspsp-psu interface after the HTTP-Redirect, the xs2a-api should take that PSU-ID into account instead of insisting on a PSU-ID http header on the xs2a interface.

Steps to reproduce

  • configure CommonAspspProfileSetting.authorisationConfirmationRequestMandated = true
  • configure CommonAspspProfileSetting.psuInInitialRequestMandated = false
  • on xs2a interface initiate a SEPA payment using the SCA redirect approach, with no PSU-ID http header.
  • on the aspsp-psu interface login with a PSU-ID and approve the payment initiation.
  • on xs2a interface finishing the payment initiation still with no PSU-ID http header doing:
    PUT /v1/{payment-service}/{payment-product}/{paymentId}/authorisations/{authorisationId}

The following check fails and SCA status is not updated to FINALISED:
https://github.com/adorsys/xs2a/blob/develop/consent-management/consent-management-lib/src/main/java/de/adorsys/psd2/consent/service/authorisation/CmsAuthorisationService.java#L103

It is called from:
https://github.com/adorsys/xs2a/blob/develop/xs2a-impl/src/main/java/de/adorsys/psd2/xs2a/service/authorization/pis/PisAuthorisationConfirmationService.java#L142

SCA approach

  • [x ] Redirect
  • Embedded
  • Decoupled

XS2A version(s):

  • HEAD

ScaStatus "psuIdentified" in Redirect-Approach

Place where bug appeared

  • de.adorsys.psd2.consent.service.AisAuthorisationServiceInternal.saveNewAuthorization
  • de.adorsys.psd2.consent.service.PisCommonPaymentServiceInternal.saveNewAuthorisation

Current behavior

  • When PSU-Data is given in initiation of Payment/Consent, then the created Authorisation is set to Status psuIdentified, even in Redirect-Approach

Expected behavior

  • We are not sure but we think, that status psuIdentified should only be used in Embedded or Decoupled Approach. In Redirect-Approach the default status should be received

Steps to reproduce

  • Create new Consent or Payment in an Environment where Redirect Approach is default or only Redirect-Approach is active
  • Make a GET on the created Authorisation /authorisations/{{id}}
  • => Status will be psuIdentified

SCA approach

  • [x ] Redirect
  • Embedded
  • Decoupled

XS2A version(s):

  • 3.10

Berlin Group Version?

The top level README states:

XS2A-impl is an implementation of PSD2 XS2A Interface of Berlin Group. All mandatory API endpoints defined in Berlin Group specification V1.0 are implemented.

While the "Operational Rules" document by Berlin Group has not changed since V1.0 (Feb 8, 2018) there have been two updates of the "Implementation Guidelines" with API definitions and other relevant specifications. The most recent one is 1.2 (July 25, 2018)

Could the README document or another place clarify which is the latest version of the Berlin Group specification (especially the Implementation Guideline) in use by this project?

Unable to parse command line options: Unrecognized option: -dKEYCLOAK_CREDENTIALS_SECRET

Place where bug appeared

Getting started guide, Run as ASPSP-Mock-Server

Current behavior

running command
mvn spring-boot:run -dKEYCLOAK_CREDENTIALS_SECRET="b191e51b-e9de-4dcb-a156-a62e98f328a7" -Drun.profiles=fongo

throws exception:
Unable to parse command line options: Unrecognized option: -dKEYCLOAK_CREDENTIALS_SECRET=b191e51b-e9de-4dcb-a156-a62e98f328a7

Steps to reproduce

follow manual step by step

XS2A version(s):

latest

docker-compose up and maven package problems

Hi, I want to use docker-compose to set up the whole system.
I read from #19 that I have to run mvn package first. I'm having some problems executing this command.

I'm using Java JDK 11 and Ubuntu 18.04.
First, I got this error:

Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.1:compile (default-compile) on project xs2a-server-api: Fatal error compiling

Fatal error compiling: java.lang.ExceptionInInitializerError: com.sun.tools.javac.code.TypeTags -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.1:compile (default-compile) on project xs2a-server-api: Fatal error compiling

I read of this problem here and the solution was specifying the lombok version <version>1.16.22</version> in xs2a-core.

Now I'm facing this error:

org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.apache.maven.plugins:maven-surefire-plugin:2.18.1:test (default-test) on project aspsp-profile-lib: Execution default-test of goal org.apache.maven.plugins:maven-surefire-plugin:2.18.1:test failed: The forked VM terminated without properly saying goodbye. VM crash or System.exit called?

and I'm not finding any solution. Do you have any suggestions?
Is the command mvn package really necessary to run docker-compose?

Thank you for your help.

DICT_01.Business_objects mixes authorize and authorise

In DICT_01.Business_objects paragraphs like DICT_01_08 Authentication Type use the term "authorised" (British English, also matches the Berlin Group documents) while other paragraphs like DICT_01_12 Account Access talk about "authorization" (US English). DICT_01_15 Balances has an attribute "authorized".
This should be consistent, especially in one and the same document. Whether to use US English (often the case in technical terms, HTTP also has the status 401 Unauthorized) or British English, I won't judge, but it should be consistent across this document and ideally the whole documentation.

Oracle incompatibility introduced in xs2a-5.6

Place where bug appeared

de.adorsys.psd2.consent.service.AisConsentServiceInternal.findAndTerminateOldConsentsByNewConsentId(AisConsentServiceInternal.java:220)

Current behavior

SQLException is thrown:
SQL Error: 932, SQLState: 42000
ORA-00932: inconsistent datatypes: expected - got BLOB

Expected behavior

no exception should be thrown

Steps to reproduce

  • run xs2a with Oracle database
  • add a new AIS consent
  • add a new AIS consent for the same user and TPP

SCA approach

  • [ x] Redirect
  • Embedded
  • Decoupled

XS2A version(s):

  • 5.6

Log files or other additional info

The SQL-query "select distinct c from ais_consent c.." does not work on Oracle because of the added BLOB-Type column "checksum" in liquibase change-set 0091.

See https://hibernate.atlassian.net/browse/HHH-10603 and also https://docs.oracle.com/en/database/oracle/oracle-database/18/adlob/SQL-semantics-and-LOBs.html#GUID-8287AF94-2E69-4BB7-B4EB-0584D10DD144

nullpointerexception while invoking /v1/accounts/

Hi,

I got that exception when calling : /v1/accounts/
java.lang.NullPointerException: null
at de.adorsys.aspsp.xs2a.service.ConsentService.getValidatedSpiAccountConsent(ConsentService.java:284)
at de.adorsys.aspsp.xs2a.service.ConsentService.getValidatedConsent(ConsentService.java:162)
at de.adorsys.aspsp.xs2a.service.AccountService.getAccountDetailsList(AccountService.java:96)
at de.adorsys.aspsp.xs2a.service.AccountService$$FastClassBySpringCGLIB$$610c505e.invoke()
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:736)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
at org.springframework.validation.beanvalidation.MethodValidationInterceptor.invoke(MethodValidationInterceptor.java:150)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.framework.adapter.AfterReturningAdviceInterceptor.invoke(AfterReturningAdviceInterceptor.java:55)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:168)
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:671)
at de.adorsys.aspsp.xs2a.service.AccountService$$EnhancerBySpringCGLIB$$deb0535.getAccountDetailsList()
at de.adorsys.aspsp.xs2a.web.AccountController.getAccountList(AccountController.java:52)
at de.adorsys.psd2.api.AccountApi._getAccountList(AccountApi.java:78)
[...]

After investigation, call to ConsentService#getValidatedConsent is made on proxy instead of real object.
That's because method cannot be proxified as it is package-visible.

You need to declare it as public

Regards
Ludovic

Getting started step: create tables using liquibase:

Place where bug appeared

  • Getting started manual. Step: "create tables using liquibase"

Current behavior

  • [INFO] ------------------------------------------------------------------------
    [INFO] BUILD FAILURE
    [INFO] ------------------------------------------------------------------------
    [INFO] Total time: 2.426 s
    [INFO] Finished at: 2019-03-07T11:18:46-05:00
    [INFO] ------------------------------------------------------------------------
    [ERROR] No plugin found for prefix 'liquidbase' in the current project and in the plugin groups [org.jenkins-ci.tools, org.apache.maven.plugins, org.codehaus.mojo] available from the repositories [local (C:\Users\vm.m2\repository), repo.jenkins-ci.org (http://repo.jenkins-ci.org/public/), public (http://alm-artifacts.misys.global.ad/maven/content/groups/public), central (https://repo.maven.apache.org/maven2)] -> [Help 1]
    [ERROR]
    [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
    [ERROR] Re-run Maven using the -X switch to enable full debug logging.
    [ERROR]
    [ERROR] For more information about the errors and possible solutions, please read the following articles:
    [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/NoPluginFoundForPrefixException

Steps to reproduce

Follow manual, step by step.
command failed: mvn liquibase:update

XS2A version(s):

  • latest code from develop branch

Log files or other additional info

log.txt
Feel free to provide more info about your problem

initiation of a "RawPaymentProduct" results in empty payment-information on aspsp/psu api

Place where bug appeared

  • e.g. /psu-api/v1/payment/redirect/{redirect-id}

Current behavior

  • Right now the APIs for aspsp/psu for getting payment information return no common-payment information when a non-standard-payment-product (none of "sepa-credit-transfers", "instant-sepa-credit-transfers", "target-2-payments", "cross-border-credit-transfers") is requested. E.g. initiation of a pain.001-sepa-credit-transfers with xml content leads to this problem.

Expected behavior

  • Should return at least the common-payment information. We upgraded from 3.11 to 8.0 and in 3.11 we got that information. ("paymentId", "paymentProduct", "psuIdDatas", "tppInfo", "creationTimestamp", "statusChangeTimestamp", "paymentType", "transactionStatus", "paymentData")

Steps to reproduce

  • Initiate a non-standard payment
  • request that payment with any payment-getting api-method on aspsp/psu api. (e.g. /psu-api/v1/payment/redirect/{redirect-id} )

SCA approach

  • Redirect
  • Embedded
  • Decoupled

XS2A version(s):

  • 8.0

Log files or other additional info

de.adorsys.psd2.mapper.CmsCommonPaymentMapperSupportImpl

  • currently returns null on each method (mapToCmsSinglePayment, mapToCmsBulkPayment, mapToCmsPeriodicPayment)
  • it shouldn't try to parse from json when it is not json
  • it should return commonPayment when non-standard-payment-product

Implement the field lengths in the framework

Question

Is there any plan to verify or even truncate the field lengths in the XS2A service component?

Current behavior

  • Right now the XS2A services delegate the retrieval of data to the SPIs. E.g. the request to return the account list is delegated to an implementation of an AccountSpi which then connects to the ASPSP to retrieve the data and fill it into the SpiResponse as payload. Currently, it seems as if this implementation of an AccountSpi is responsible to stick to the length limitations (e.g. the last transaction is limited to 35 chars).

Expected behavior

  • Instead of having every implementer find out the lengths and implement the limits, it would be nice, if the framework would truncate the fields which have a limit. If the implementer of the AccountSpi would like to have something better than a truncate he/she could always implement the limits in that special way before returning the value.

XS2A version(s):

  • 5.1
