Problem
The POST /internal/auth/v2/{subjectID}/request-credential endpoint in docs/_static/auth/v2.yaml has a misleading response description.
The description on the 200 response says:
Successful request. Responds with a redirect_uri for the user and a session_id for correlation.
However, the schema referenced by that response is RedirectResponse, which only contains redirect_uri — no session_id. The session_id field belongs to RedirectResponseWithID, used by other endpoints (e.g. request-user-access-token).
See:
- Description:
docs/_static/auth/v2.yaml around line 188-189
RedirectResponse schema: docs/_static/auth/v2.yaml:552RedirectResponseWithID schema: docs/_static/auth/v2.yaml:562
Fix options
Either:
- Update the description to drop the
session_id mention (if no correlation ID is actually needed for this flow), or
- Change the response schema to
RedirectResponseWithID and have the implementation return a session_id (if correlation is intended).
Option 1 matches current behavior; option 2 would be a behavioral change.
Assisted by AI
Problem
The
POST /internal/auth/v2/{subjectID}/request-credentialendpoint indocs/_static/auth/v2.yamlhas a misleading response description.The description on the
200response says:However, the schema referenced by that response is
RedirectResponse, which only containsredirect_uri— nosession_id. Thesession_idfield belongs toRedirectResponseWithID, used by other endpoints (e.g.request-user-access-token).See:
docs/_static/auth/v2.yamlaround line 188-189RedirectResponseschema:docs/_static/auth/v2.yaml:552RedirectResponseWithIDschema:docs/_static/auth/v2.yaml:562Fix options
Either:
session_idmention (if no correlation ID is actually needed for this flow), orRedirectResponseWithIDand have the implementation return asession_id(if correlation is intended).Option 1 matches current behavior; option 2 would be a behavioral change.
Assisted by AI