Skip to content

Paying when payment is required #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
michielbdejong opened this issue Mar 1, 2021 · 4 comments
Closed

Paying when payment is required #5

michielbdejong opened this issue Mar 1, 2021 · 4 comments

Comments

@michielbdejong
Copy link
Collaborator

Split out from #4.
When a 402 Payment Required response is received, how does the user(-agent) pay before trying again?
@michielbdejong
Copy link
Collaborator Author

michielbdejong commented Mar 9, 2021
edited
Loading

This part is still tricky, I'm still brainstorming about this.

Now I just need to figure out a way to establish the payParams.

It would be easier here to use a payment pointer, but we want to create a specific invoice for this specific user making this specific http request (at this specific time). But what we have is the payment pointer of the pod owner.

So given:

  • a unique identifier for this request (user webid, request URL, request method, maybe request headers, maybe request body)
  • the payment pointer of the pod owner
  • presumably, some way to set a price
  • optionally, some expiry date

How do you create an ILP/STREAM invoice?

I'm going to use the word 'ticket' to mean the abstract thing the user buys by paying. It may be slightly confusing because the user doesn't present the ticket (so "guest list entry" would be a better word than "ticket" in that sense) but since that part of the flow doesn't affect the earlier parts of the flow, and "ticket" is an easier concept, I'll still stick to it for now.

What should be the realm to which the ticket gives access? The request that returned a 402 response already happened, so you can no longer get access there. But suppose the exact same 402 is repeated at a later point in time. Then obviously it should succeed. What if the method or one of the headers is different? How do you slice up the space of possible slightly-different http requests a user could try to do after paying? It seems reasonable to go back to the ACL document for that. We can say one ticket gives access to everything the specific acl:Authorization gives access to.

For simplicity, we don't support expiry, so once you have access to a given acl:Authorization, you will always have access until the server is taken offline, or until the ACL doc is changed and an acl:Authorization with that URI no longer exists. If we want to add expiry dates then I think that can go into the ACL doc as an additional triple on the authorization.

Also for simplicity, let's say the price is always "any non-zero amount" (pay what you like, as long as it's not zero). If we want to add price then I think that can go into the ACL doc as an additional triple on the authorization.

@michielbdejong
Copy link
Collaborator Author

See also the issue about this at the monetization-tests.
See also the issue about this at node-solid-server.

@michielbdejong
Copy link
Collaborator Author

So then "ticket space" has two dimensions for now: the URI of the acl:Authorization and the webid of the agent.

@michielbdejong
Copy link
Collaborator Author

For now, mainly due to sync vs async considerations and not wanting to change the code paths in NSS acl check code too much, I went with tickets per agent & resource URL, see https://github.com/solid/monetization-tests/blob/3cf0d87/test/surface/payment-required.test.ts#L117

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@michielbdejong