Merge pull request #163 from camaraproject/remove-INVALID_TOKEN_CONTEXT

Remove 403 INVALID_TOKEN_CONTEXT
camaraproject · Jan 27, 2025 · d2a08dd · d2a08dd
2 parents f0b558b + 0edede0
commit d2a08dd
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 37 deletions.
diff --git a/code/API_definitions/number-verification.yaml b/code/API_definitions/number-verification.yaml
@@ -277,7 +277,6 @@ components:
         Client does not have sufficient permission.
         In addition to regular scenario of `PERMISSION_DENIED`, other scenarios may exist:
           - Client authentication was not via mobile network. In order to check the authentication method, AMR parameter value in the 3-legged user's access token can be used and make sure that the authentication was not either by SMS+OTP nor username/password (`{"code": "NUMBER_VERIFICATION.USER_NOT_AUTHENTICATED_BY_MOBILE_NETWORK","message": "Client must authenticate via the mobile network to use this service"}`)
-          - Phone number cannot be deducted from access token context.(`{"code": "INVALID_TOKEN_CONTEXT","message": "Phone number cannot be deducted from access token context"}`)
       headers:
         x-correlator:
           $ref: "#/components/headers/x-correlator"
@@ -295,7 +294,6 @@ components:
                     enum:
                       - PERMISSION_DENIED
                       - NUMBER_VERIFICATION.USER_NOT_AUTHENTICATED_BY_MOBILE_NETWORK
-                      - INVALID_TOKEN_CONTEXT
           examples:
             GENERIC_403_PERMISSION_DENIED:
               description: Permission denied. OAuth2 token access does not have the required scope or when the user fails operational security
@@ -308,11 +306,6 @@ components:
                 status: 403
                 code: NUMBER_VERIFICATION.USER_NOT_AUTHENTICATED_BY_MOBILE_NETWORK
                 message: Client must authenticate via the mobile network to use this service
-            GENERIC_403_INVALID_TOKEN_CONTEXT:
-              value:
-                status: 403
-                code: INVALID_TOKEN_CONTEXT
-                message: Phone number cannot be deducted from access token context
 externalDocs:
   description: Project documentation at CAMARA
   url: https://github.com/camaraproject/NumberVerification
diff --git a/code/Test_Definitions/number-verification-device-phone-number-share.feature b/code/Test_Definitions/number-verification-device-phone-number-share.feature
@@ -69,21 +69,22 @@ Feature: Camara Number Verification API device phone number share
     And the response property "$.code" is "UNAUTHENTICATED"
     And the response property "$.message" is "Request not authenticated due to missing, invalid, or expired credentials."
 
-  @NumberVerification_phone_number_share203_no_phonenumber_associated_with_access_token
-  Scenario:  share phone number with valid access token that is not associated with a phone number
-    Given they use the base url
-    And the resource is "/device-phone-number"
-    And one of the scopes associated with the access token is number-verification:device-phone-number:read
-    When the HTTPS "GET" request is sent
-    And the connection the request is sent over originates from a device with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1
-    And the access token is not associated with a phone number
-    And the response header "x-correlator" has same value as the request header "x-correlator"
-    And the response header "Content-Type" is "application/json"
-    And the response body complies with the OAS schema at "/components/schemas/ErrorInfo"
-    Then the response status code is 403
-    And the response property "$.status" is 403
-    And the response property "$.code" is "INVALID_TOKEN_CONTEXT"
-    And the response property "$.message" is "Phone number cannot be deducted from access token context."
+#  @NumberVerification_phone_number_share203_no_phonenumber_associated_with_access_token
+#  Note: As 403 INVALID_TOKEN_CONTEXT code was removed this test is not anymore relevant.
+#  Scenario:  share phone number with valid access token that is not associated with a phone number
+#    Given they use the base url
+#    And the resource is "/device-phone-number"
+#    And one of the scopes associated with the access token is number-verification:device-phone-number:read
+#    When the HTTPS "GET" request is sent
+#    And the connection the request is sent over originates from a device with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1
+#    And the access token is not associated with a phone number
+#    And the response header "x-correlator" has same value as the request header "x-correlator"
+#    And the response header "Content-Type" is "application/json"
+#    And the response body complies with the OAS schema at "/components/schemas/ErrorInfo"
+#    Then the response status code is 403
+#    And the response property "$.status" is 403
+#    And the response property "$.code" is "INVALID_TOKEN_CONTEXT"
+#    And the response property "$.message" is "Phone number cannot be deducted from access token context."
 
   @NumberVerification_phone_number_share205_must_have_used_network_authentication
   Scenario:  share phone number with valid access token but network authentication was not used

diff --git a/code/Test_Definitions/number-verification-verify.feature b/code/Test_Definitions/number-verification-verify.feature
@@ -167,21 +167,22 @@ Feature: Camara Number Verification API verify
     And the response property "$.code" is "INVALID_ARGUMENT"
     And the response property "$.message" contains a user friendly text
 
-  @NumberVerification_phone_number_verify204_no_phonenumber_associated_with_access_token
-  Scenario:  verify phone number with valid access token that is not associated with a phone number
-    Given they use the base url
-    And the resource is "/verify"
-    And one of the scopes associated with the access token is number-verification:verify
-    When the HTTPS "GET" request is sent
-    And the connection the request is sent over originates from a device with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1
-    And the access token is not associated with a phone number
-    And the response header "x-correlator" has same value as the request header "x-correlator"
-    And the response header "Content-Type" is "application/json"
-    And the response body complies with the OAS schema at "/components/schemas/ErrorInfo"
-    Then the response status code is 403
-    And the response property "$.status" is 403
-    And the response property "$.code" is "INVALID_TOKEN_CONTEXT"
-    And the response property "$.message" is "Phone number cannot be deducted from access token context."
+#  @NumberVerification_phone_number_verify204_no_phonenumber_associated_with_access_token
+#  Note: As 403 INVALID_TOKEN_CONTEXT code was removed this test is not anymore relevant.
+#  Scenario:  verify phone number with valid access token that is not associated with a phone number
+#    Given they use the base url
+#    And the resource is "/verify"
+#    And one of the scopes associated with the access token is number-verification:verify
+#    When the HTTPS "GET" request is sent
+#    And the connection the request is sent over originates from a device with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1
+#    And the access token is not associated with a phone number
+#    And the response header "x-correlator" has same value as the request header "x-correlator"
+#    And the response header "Content-Type" is "application/json"
+#    And the response body complies with the OAS schema at "/components/schemas/ErrorInfo"
+#    Then the response status code is 403
+#    And the response property "$.status" is 403
+#    And the response property "$.code" is "INVALID_TOKEN_CONTEXT"
+#    And the response property "$.message" is "Phone number cannot be deducted from access token context."
 
   @NumberVerification_phone_number_verify205_must_have_used_network_authentication
   Scenario:  verify phone number with valid access token but network authentication was not used