Skip to content

feat: add JSON API for FDO Owner Server with OpenAPI specification #130

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat: add JSON API for FDO Owner Server with OpenAPI specification #130

wants to merge 1 commit into from

Conversation

@djach7
Copy link
Contributor

@djach7 djach7 commented Nov 21, 2025

Implements comprehensive JSON responses for all FIDO Device Onboard Owner
Server endpoints while maintaining backward compatibility with existing
PEM-based clients through Accept header content negotiation.

Key Features

  • All Owner API endpoints return JSON by default
  • OpenAPI 3.1 specification ready for code generation
  • Comprehensive test coverage validating JSON responses
  • Backward compatibility via Accept: application/x-pem-file
  • Split server architecture preserved
  • Consolidated error handling patterns

New Files

  • api/openapi/owner-server.yaml: OpenAPI 3.1 specification (139 lines)
  • api/handlers/responses.go: JSON response utilities (108 lines)
  • api/handlersTest/json_api_test.go: JSON validation tests (84 lines)
  • api/handlersTest/helpers_test.go: Test helper functions (26 lines)
  • api/openapi/README.md: Documentation (25 lines)

Modified Files

  • api/handlers/vouchers.go: JSON responses + error consolidation
  • api/handlers/ownerinfo.go: JSON error handling
  • api/handlersTest/vouchers_test.go: Updated for JSON expectations
  • Makefile: Added OpenAPI validation/generation targets
  • .gitignore: OpenAPI generator artifacts

Testing

All endpoints tested with comprehensive JSON validation:

  • TestJSONResponsesRequired: validates JSON Content-Type headers
  • TestInsertVoucherHandler: voucher operations with JSON responses
  • TestBackwardCompatibilityPEM: ensures PEM clients still work

@djach7 djach7 force-pushed the owner-api-refactor branch 2 times, most recently from 5e7dc09 to dfb5a39 Compare November 21, 2025 17:18
@djach7
feat: add JSON API for FDO Owner Server with OpenAPI specification
12406f4 
  Implements comprehensive JSON responses for all FIDO Device Onboard Owner
  Server endpoints while maintaining backward compatibility with existing
  PEM-based clients through Accept header content negotiation.

  ## Key Features
  - All Owner API endpoints return JSON by default
  - OpenAPI 3.1 specification ready for code generation
  - Comprehensive test coverage validating JSON responses
  - Backward compatibility via Accept: application/x-pem-file
  - Split server architecture preserved
  - Consolidated error handling patterns

  ## New Files
  - api/openapi/owner-server.yaml: OpenAPI 3.1 specification (139 lines)
  - api/handlers/responses.go: JSON response utilities (108 lines)
  - api/handlersTest/json_api_test.go: JSON validation tests (84 lines)
  - api/handlersTest/helpers_test.go: Test helper functions (26 lines)
  - api/openapi/README.md: Documentation (25 lines)

  ## Modified Files
  - api/handlers/vouchers.go: JSON responses + error consolidation
  - api/handlers/ownerinfo.go: JSON error handling
  - api/handlersTest/vouchers_test.go: Updated for JSON expectations
  - Makefile: Added OpenAPI validation/generation targets
  - .gitignore: OpenAPI generator artifacts

  ## Testing
  All endpoints tested with comprehensive JSON validation:
  - TestJSONResponsesRequired: validates JSON Content-Type headers
  - TestInsertVoucherHandler: voucher operations with JSON responses
  - TestBackwardCompatibilityPEM: ensures PEM clients still work

Signed-off-by: djach7 <[email protected]>
@djach7 djach7 force-pushed the owner-api-refactor branch from dfb5a39 to 12406f4 Compare November 21, 2025 19:30
@djach7 djach7 marked this pull request as ready for review November 25, 2025 14:49
mmartinv
mmartinv reviewed Nov 27, 2025
View reviewed changes
Copy link
Collaborator

@mmartinv mmartinv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While I think this is a good step forward to having an implementation we need more refinement and agree on the tools we are going to use and how to split the APIs, e.g.: the health api is going to be use by all the servers and we don't need 3 different implementations, the same will happen with the device CA cert management)

api/handlers/vouchers.go
// Handle both raw PEM and form-encoded PEM data
var pemData []byte
contentType := r.Header.Get("Content-Type")
if strings.Contains(contentType, "application/x-www-form-urlencoded") {
Copy link
Collaborator

@mmartinv mmartinv Nov 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

According to the openapi document the post operation accepts application/x-pem-file only.

Either way, I don't think posting the ownership vouchers embed in a json document adds any value, it makes more difficult to upload the OVs as we need to build a json document now.

Makefile
Comment on lines +33 to +45
.PHONY: generate-api
generate-api: validate-openapi
@echo "Generating Go server and client code from OpenAPI specification..."
@mkdir -p $(GENERATED_DIR)/server $(GENERATED_DIR)/client
openapi-generator generate \
-i $(OPENAPI_SPEC) \
-g go-server \
-o $(GENERATED_DIR)/server \
--additional-properties=packageName=openapi,outputAsLibrary=true,sourceFolder=src/main/go
openapi-generator generate \
-i $(OPENAPI_SPEC) \
-g go \
-o $(GENERATED_DIR)/client \
Copy link
Collaborator

@mmartinv mmartinv Nov 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Instead of using a Makefile target to generate the api I would prefer to use the golang native approach to generate code, please see https://github.com/oapi-codegen/oapi-codegen/?tab=readme-ov-file#for-go-124 as an example. We will need a Makefile target anyway but in this case it will run go generate and we will make the build target to depend on it.

This leads me to open the discussion about using the openapi generator tools (java) or the more native oapi-codegen shown in the link above.

After thinking a lot about this I think we should use the native tool as it's very well documented and used by other projects, but as I said this is open to discussion.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mmartinv mmartinv mmartinv left review comments

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@djach7 @mmartinv