check compatible badge versions in assertion validation #490
Comments
|
It's not entirely clear what the version number is for. I thought it was for the version of the badge, not the version of the spec of the badge. So, 1.0 would be valid, because it's relative to the actual badge, not the spec. |
|
Yeah, this is my fault. The docs didn't make it abundantly clear that the version number was supposed to be spec version not badge version (though the docs did say to "just use 0.5.0"), and the majority treated it as the latter. I think it's too late to add this validation now because it would break a lot of existing systems. |
|
In convos with @stenington and @iamjessklein we'd like to inquire whether this means the spec should be updated. |
|
I believe this issue is no longer relevant, based upon how badge validation and spec versioning is handled in the new assertion spec. (see backwards compatibility) Correct me if I'm wrong. |
Add a whitelist of badge spec versions that are checked during validation. Only badge spec versions that have been released for OBI should be accepted.
Right now if a user enters a badge version number that is n.n or n.n.n, it validates properly. That means that if a issuer makes up a version in their assertion file like 1.0, the badge properly validates and is added to the backpack -- future validation is going to be a pain if issuers enter arbitrary version numbers and those badges accepted. I just filed a related issue for WPBadger.
The text was updated successfully, but these errors were encountered: