[Mosip-44166] - Delegate Tetscases#1686
Open
likhitharl wants to merge 13 commits intomosip:developfrom
Open
Conversation
Signed-off-by: Likhitha R L <likhitha.rl@technoforte.co.in>
WalkthroughAdds idKeyName and Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~28 minutes Poem
🚥 Pre-merge checks | ✅ 1 | ❌ 2❌ Failed checks (1 warning, 1 inconclusive)
✅ Passed checks (1 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 6
Note
Due to the large number of review comments, Critical severity comments were prioritized as inline comments.
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (2)
api-test/src/main/resources/ida/GenerateVID/createGenerateVID.yml (2)
478-480:⚠️ Potential issue | 🟡 MinorTC numbering gap: TC_IDA_GenerateVID_15 is now missing from the sequence.
The removed left-iris block was
TC_IDA_GenerateVID_15; the right-iris block jumps straight toTC_IDA_GenerateVID_16. If the test catalogue or traceability matrix uses sequential IDs, consider either re-numbering_16→_15or explicitly marking_15as retired so the gap is intentional and documented.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/GenerateVID/createGenerateVID.yml` around lines 478 - 480, The test ID sequence shows a gap: the existing block auth_GenerateVID_for_kycDelegated_bio_rightIris_sid uses uniqueIdentifier TC_IDA_GenerateVID_16 while TC_IDA_GenerateVID_15 was removed; either renumber TC_IDA_GenerateVID_16 → TC_IDA_GenerateVID_15 to restore sequential IDs or add a placeholder/retired entry named (for example) TC_IDA_GenerateVID_15 with a comment/flag indicating it is retired so the gap is explicit; update the uniqueIdentifier field in the auth_GenerateVID_for_kycDelegated_bio_rightIris_sid block (or add the retired block) and ensure any external test catalogue or traceability references are adjusted to match.
478-511:⚠️ Potential issue | 🔴 CriticalFix rightIris test case: replace
leftIrisidentity fixtures withrightIrisequivalents.The
auth_GenerateVID_for_kycDelegated_bio_rightIris_sidblock (TC_IDA_GenerateVID_16) is wired to the wrong identity fixture. All three identity token references still point toleftIrisfixtures, butrightIrisequivalents exist in AddIdentity.yml and must be used instead:
- Line 489:
individualId→ changeleftIris_Auth_VID_smoke_Pos_UINtorightIris_Auth_VID_smoke_Pos_UIN- Line 495:
otp→ changeleftIris_Auth_VID_smoke_Pos_EMAILtorightIris_Auth_VID_smoke_Pos_EMAIL- Line 499:
sendOtp.individualId→ changeleftIris_Auth_VID_smoke_Pos_UINtorightIris_Auth_VID_smoke_Pos_UINThis appears to be a copy-paste error from the
leftIrisblock. Without this fix, the VID will be generated against the wrong identity fixture.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/GenerateVID/createGenerateVID.yml` around lines 478 - 511, The auth_GenerateVID_for_kycDelegated_bio_rightIris_sid (TC_IDA_GenerateVID_16) test is using leftIris fixtures by mistake; update the three token references to use rightIris equivalents: replace the value in individualId (currently referencing AddIdentity_For_Kyc_Delegated_leftIris_Auth_VID_smoke_Pos_UIN) with AddIdentity_For_Kyc_Delegated_rightIris_Auth_VID_smoke_Pos_UIN, replace otp (currently AddIdentity_For_Kyc_Delegated_leftIris_Auth_VID_smoke_Pos_EMAIL) with AddIdentity_For_Kyc_Delegated_rightIris_Auth_VID_smoke_Pos_EMAIL, and update sendOtp.individualId to AddIdentity_For_Kyc_Delegated_rightIris_Auth_VID_smoke_Pos_UIN so the rightIris fixtures are used.
♻️ Duplicate comments (4)
api-test/src/main/resources/ida/PmsIntegration/DefinePolicy/definePolicyResult.hbs (1)
1-5: Same JSON-literal concern foris_Activeas in definePolicyGroupResult.hbs.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/PmsIntegration/DefinePolicy/definePolicyResult.hbs` around lines 1 - 5, The template emits a raw Handlebars token for is_Active which can produce invalid JSON or wrong casing; update definePolicyResult.hbs to render a proper JSON boolean instead of bare {{is_Active}} — e.g. replace the token with an explicit boolean output using a conditional or JSON helper (for example {{`#if` is_Active}}true{{else}}false{{/if}} or use a helper like json this.is_Active) so the response.response.is_Active is always a valid unquoted true/false value.api-test/src/main/resources/ida/OtpAuthKycExchange/OtpAuthKycExchange.hbs (1)
1-23: This template is structurally identical toDemoAuthKycExchange/DemoAuthKycExchange.hbs.Both files share the same field set, placeholders, and iteration logic. The same
{{consentObtainedValue}}/{{localesValue}}accessor concern raised onDemoAuthKycExchange.hbsapplies here equally.If these two modalities truly require different KYC Exchange payloads in the future, keeping them separate is fine; otherwise consider a single shared template to reduce maintenance overhead.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/OtpAuthKycExchange/OtpAuthKycExchange.hbs` around lines 1 - 23, The two templates OtpAuthKycExchange.hbs and DemoAuthKycExchange.hbs are duplicates and both misuse the array item accessor names (they reference {{consentObtainedValue}}/{{localesValue}} which likely don't exist); either extract the shared JSON body into a single partial/template and have both include it, or delete one and reuse the other, and update the iteration blocks (in OtpAuthKycExchange.hbs) to reference the actual item value (e.g., use {{this}} or the real property name of each consent/locales item inside the {{`#each` consentObtained}} and {{`#each` locales}} loops) so the arrays render correctly. Ensure the partial/template name and the loop fixes are applied to both OtpAuthKycExchange.hbs and DemoAuthKycExchange.hbs.api-test/src/main/resources/ida/BioAuthKycExchange/BioAuthKYCExchangeResult.hbs (1)
1-1: Same empty‑template validation concern as DemoAuthKycExchangeResult.hbs.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/BioAuthKycExchange/BioAuthKYCExchangeResult.hbs` at line 1, The Handlebars template BioAuthKYCExchangeResult.hbs is empty (same issue as DemoAuthKycExchangeResult.hbs); either populate it with the expected template markup (fields, helpers and a minimal valid structure) or remove the empty file and update any generator/validation code to avoid referencing it. Locate BioAuthKYCExchangeResult.hbs and add the required template content consistent with DemoAuthKycExchangeResult.hbs (or another canonical example), ensure it passes template validation and any build-time checks, and update references that expect the template name so no empty-template validation errors occur.api-test/src/main/resources/ida/BioAuthKycExchange/BioAuthKYCExchangeV2.hbs (1)
10-13: Same{{localesValue}}empty-string issue asBioAuthKYCExchange.hbs.Apply the same
{{this}}fix described forBioAuthKYCExchange.hbslines 10–20.🐛 Proposed fix
"locales": [ {{`#each` locales}} - "{{localesValue}}" + "{{this}}" {{`#unless` `@last`}},{{/unless}} {{/each}} ],🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/BioAuthKycExchange/BioAuthKYCExchangeV2.hbs` around lines 10 - 13, The Handlebars each block in BioAuthKYCExchangeV2.hbs is emitting empty strings because it uses the wrong identifier `{{localesValue}}`; update the `{{`#each` locales}}` iteration to reference the current item with `{{this}}` (i.e., replace `{{localesValue}}` with `{{this}}`) and keep the existing comma/last-item logic so the list renders correctly; locate the `{{`#each` locales}}` block in the BioAuthKycExchange/BioAuthKYCExchangeV2.hbs template and make this substitution.
🟠 Major comments (25)
api-test/src/main/java/io/mosip/testrig/apirig/auth/testscripts/OtpAuthNew.java-185-186 (1)
185-186:⚠️ Potential issue | 🟠 MajorAvoid logging full auth response bodies.
This can leak sensitive data into logs. Prefer logging status/correlation IDs or redacted fields.
🔒 Suggested change
- logger.info("Response is = " + response.asString()); + logger.info("Response status = " + response.getStatusCode());🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/java/io/mosip/testrig/apirig/auth/testscripts/OtpAuthNew.java` around lines 185 - 186, The test currently logs the full auth response in OtpAuthNew.java (the logger.info call immediately after postRequestWithCookieAuthHeaderAndSignature), which can leak secrets; change this to log only non-sensitive metadata: capture and log response.getStatusCode() and any correlation ID/header (e.g., response.getHeader("X-Correlation-ID") or response.path("correlationId")) and, if you must include body fields, parse the JSON and redact sensitive fields (tokens, otp, authToken) before logging. Update the code around the postRequestWithCookieAuthHeaderAndSignature(...) call so it no longer calls response.asString() for logs and instead logs status/correlation or a sanitized map of allowed fields.api-test/src/main/java/io/mosip/testrig/apirig/auth/testscripts/OtpAuthNew.java-187-189 (1)
187-189:⚠️ Potential issue | 🟠 MajorGuard
writeAutoGeneratedIdwhenidKeyNameis missing.If
idKeyNameisn’t supplied in suite params, this call can fail at runtime. Fail fast with a clear error.🛡️ Suggested change
if (testCaseName.toLowerCase().contains("_sid")) { - writeAutoGeneratedId(response, idKeyName, testCaseName); + if (idKeyName == null || idKeyName.trim().isEmpty()) { + throw new AdminTestException("Missing idKeyName parameter for _sid test cases"); + } + writeAutoGeneratedId(response, idKeyName, testCaseName); }🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/java/io/mosip/testrig/apirig/auth/testscripts/OtpAuthNew.java` around lines 187 - 189, The call to writeAutoGeneratedId(response, idKeyName, testCaseName) can NPE when idKeyName is missing; before calling it (in OtpAuthNew.java where testCaseName and idKeyName are used), validate idKeyName is not null/empty and if it is, fail fast with a clear error: throw an IllegalArgumentException or call the existing test-failure helper with a message like "Missing suite param: idKeyName required for auto-generated ID for testCaseName=<...>". Ensure you reference the idKeyName, testCaseName and writeAutoGeneratedId symbols in the error so the failure is actionable.api-test/src/main/resources/ida/PmsIntegration/DeactivatePolicy/DeactivatePolicy.yml-8-8 (1)
8-8:⚠️ Potential issue | 🟠 MajorFix template path prefix: use
ida/instead ofesignet/.The template file is located under
ida/PmsIntegration/DeactivatePolicy/DeactivatePolicy.hbs, but line 8 referencesesignet/PmsIntegration/DeactivatePolicy/DeactivatePolicy. Additionally, line 9 referencesesignet/errorwhen error templates are located underida/. All other test YAMLs in this directory consistently use theida/prefix. Update both lines to useida/:Diff
- inputTemplate: esignet/PmsIntegration/DeactivatePolicy/DeactivatePolicy + inputTemplate: ida/PmsIntegration/DeactivatePolicy/DeactivatePolicy - outputTemplate: esignet/error + outputTemplate: ida/error🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/PmsIntegration/DeactivatePolicy/DeactivatePolicy.yml` at line 8, Update the template path prefixes from "esignet/" to "ida/" for the DeactivatePolicy test: change the inputTemplate reference "esignet/PmsIntegration/DeactivatePolicy/DeactivatePolicy" to "ida/PmsIntegration/DeactivatePolicy/DeactivatePolicy" and also update the error template reference "esignet/error" to "ida/error" so both inputTemplate and errorTemplate point to the actual ida/ templates used by other tests.api-test/src/main/resources/ida/PmsIntegration/DeactivatePolicy/DeactivatePolicy.hbs-4-6 (1)
4-6:⚠️ Potential issue | 🟠 MajorUse templated fields instead of literal "string" values to align with other PMS templates.
DeactivatePolicy.hbs hardcodes
"id": "string"and"version": "string"at the envelope level, which is inconsistent with UpdatePolicy.hbs (which uses"{{version}}"and gets actual value"1.0"from its YAML). Literal"string"values may fail PMS validation before the handler reaches the intended "already published" error (PMS_POL_058), masking the real error being tested. Either provide actual values or use placeholders populated from the test input YAML, matching the UpdatePolicy pattern.Suggested fix
- "id": "string", - "version": "string", + "id": "{{id}}", + "version": "{{version}}",(Also add
"id"and"version"to the input object in DeactivatePolicy.yml)🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/PmsIntegration/DeactivatePolicy/DeactivatePolicy.hbs` around lines 4 - 6, DeactivatePolicy.hbs currently hardcodes envelope fields `"id": "string"` and `"version": "string"` which can fail PMS validation; replace those literal values with template placeholders (e.g., `"id": "{{id}}"` and `"version": "{{version}}"`) like in UpdatePolicy.hbs, and add corresponding `id` and `version` entries to DeactivatePolicy.yml so the test YAML supplies real values (e.g., "1.0") at runtime.api-test/src/main/resources/ida/PmsIntegration/CreatePartner/CreatePartner.yml-12-12 (1)
12-12:⚠️ Potential issue | 🟠 MajorHardcoded phone number
8553967372is a potential PII leak and may violate uniqueness constraints.The same real-looking Indian mobile number appears verbatim in both test cases. Two concerns:
- Privacy: A potentially real phone number embedded in source-controlled test data is a PII risk.
- Uniqueness: If the partner management API enforces unique
contactNumberper partner, both registrations will use the same value — the second test case may fail with a duplicate-entry error.Use placeholders (e.g.,
$PARTNERCONTACT$/$MISPPARTNERCONTACT$) consistent with the rest of the framework, or substitute with an obviously synthetic number like9999999999.🛡️ Proposed fix
- "contactNumber": "8553967372", + "contactNumber": "$PARTNERCONTACT$",- "contactNumber": "8553967372", + "contactNumber": "$MISPPARTNERCONTACT$",Also applies to: 34-34
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/PmsIntegration/CreatePartner/CreatePartner.yml` at line 12, The YAML has a hardcoded PII phone number in the "contactNumber" field (appears in the CreatePartner testcases), which risks privacy and duplicate-entry failures; replace the literal "8553967372" with the framework's placeholder(s) (for example $PARTNERCONTACT$ for the primary test and $MISPPARTNERCONTACT$ for the other) or an obviously synthetic number like 9999999999, ensuring both occurrences of the "contactNumber" field are updated so tests use distinct, non-PII values and match existing placeholder conventions.api-test/src/main/resources/ida/PmsIntegration/CreatePartner/createPartner.hbs-2-2 (1)
2-2:⚠️ Potential issue | 🟠 MajorFix
idandversionfields in PmsIntegration HBS templates - using literal "string" values will fail API validation.The
idandversionfields increatePartner.hbs(and other PMS Integration templates) contain literal placeholder values"string"that should be replaced with actual MOSIP operation identifiers and semantic versions. MOSIP partner-management APIs expectidto be an operation identifier (e.g.,mosip.partnermanagement.partners.create) andversionto be a semantic version string (e.g.,1.0).This pattern appears across all PMS Integration HBS templates (approveAPIKey.hbs, definePolicy.hbs, etc.), indicating a systematic copy-paste error from Swagger/OpenAPI spec templates.
🐛 Proposed fix
- "id": "string", + "id": "mosip.partnermanagement.partners.create", "metadata": {}, ... - "version": "string" + "version": "1.0"Apply similar fixes to other PMS Integration templates, adjusting the operation identifier to match each template's purpose (e.g.,
mosip.partnermanagement.partners.approvefor approveAPIKey.hbs).🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/PmsIntegration/CreatePartner/createPartner.hbs` at line 2, The template fields "id" and "version" in createPartner.hbs (and other PMS Integration HBS templates) are incorrect literals ("string") causing API validation failures; replace the "id" value with the correct MOSIP operation identifier for the template (e.g., use mosip.partnermanagement.partners.create in createPartner.hbs) and set "version" to a valid semantic version (e.g., 1.0); apply the same pattern to other templates (e.g., approveAPIKey.hbs → mosip.partnermanagement.partners.approve, definePolicy.hbs → appropriate mosip.* identifier) ensuring each file’s id matches its operation and version is a semantic version string.api-test/src/main/resources/ida/PmsIntegration/OidcClient/OIDCClient.yml-20-22 (1)
20-22:⚠️ Potential issue | 🟠 MajorOutput assertion missing
clientId— downstream delegated tests likely require it.The OIDC client creation endpoint typically returns a
clientIdin the response. The PR's stated goal is delegated authentication flows, which need the newly createdclientIdto proceed. Validating onlystatus: "ACTIVE"means the test will pass even ifclientIdis absent or malformed, leaving downstream test cases with an unresolvable dependency.Consider adding
clientIdto both the output template (OIDCClientResult.hbs) and this assertion, or at minimum capturing it as a variable for subsequent steps.🔧 Suggested additions
In
OIDCClientResult.hbs:{ "response": { - "status": "{{status}}" + "status": "{{status}}", + "clientId": "{{clientId}}" } }In
OIDCClient.yml:output: '{ - "status": "ACTIVE" + "status": "ACTIVE", + "clientId": "$IS_NOT_EMPTY$" }'🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/PmsIntegration/OidcClient/OIDCClient.yml` around lines 20 - 22, The response assertion in OIDCClient.yml only checks "status": "ACTIVE" but omits the required clientId, so downstream delegated tests cannot reference the created client's id; update the output assertion to validate and capture the returned clientId (e.g., assert presence of clientId and assign it to a variable for later steps) and ensure the response template OIDCClientResult.hbs includes the clientId field so the endpoint returns it (update template to render clientId and update OIDCClient.yml to both assert clientId exists and save it for subsequent requests).api-test/src/main/resources/ida/PmsIntegration/PublishPolicy/publishPolicy.hbs-1-4 (1)
1-4:⚠️ Potential issue | 🟠 MajorAdd
{{requesttime}}placeholder to request templateBoth test scenarios in
PublishPolicy.ymlprovide"requesttime": "$TIMESTAMP$"in their input blocks (lines 13 and 36), but this template lacks the corresponding{{requesttime}}placeholder. All other PmsIntegration templates include this field, and it is required by MOSIP REST APIs. Without the placeholder, therequesttimefield will be absent from the POST payload, causing the API to reject both tests.Proposed fix
{ "policygroupId": "{{policygroupId}}", - "policyId": "{{policyId}}" + "policyId": "{{policyId}}", + "requesttime": "{{requesttime}}" }🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/PmsIntegration/PublishPolicy/publishPolicy.hbs` around lines 1 - 4, The template publishPolicy.hbs is missing the {{requesttime}} placeholder so the POST payload omits requesttime; update the JSON template (next to the existing "{{policygroupId}}" and "{{policyId}}" placeholders) to include a "requesttime": "{{requesttime}}" field so the rendered payload contains the test-provided "$TIMESTAMP$" value and satisfies MOSIP REST API requirements.api-test/src/main/resources/ida/PmsIntegration/PublishPolicy/publishPolicyResult.hbs-1-19 (1)
1-19:⚠️ Potential issue | 🟠 MajorMissing
policyGroupStatusandstatusfields; structural mismatch with YAML assertionsThe template is missing two required fields that the test assertions expect:
Missing placeholders:
policyGroupStatusandstatusare asserted in both test cases (PublishPolicy.yml lines 15–23 and 38–45) but absent from the template entirely. These assertions cannot be validated.Nested vs. flat structure mismatch: The YAML output expects
authType,attributeName, andauthTokenTypeas flat top-level keys (same level aspolicyTypeandis_Active), but the template places them nested underresponse.policies.allowedAuthTypes[0].authType,response.policies.allowedKycAttributes[0].attributeName, andresponse.policies.authTokenType. Unless the framework performs automatic flattening, these field assertions will fail to bind.🐛 Add missing top-level fields
{ "response": { + "policyGroupStatus": "{{policyGroupStatus}}", "policyType": "{{policyType}}", + "status": "{{status}}", "is_Active": "{{is_Active}}", "policies": {🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/PmsIntegration/PublishPolicy/publishPolicyResult.hbs` around lines 1 - 19, The template is missing the required top-level placeholders policyGroupStatus and status and it nests authType, attributeName and authTokenType under response.policies (causing a mismatch with YAML assertions that expect these as top-level keys). Add "policyGroupStatus": "{{policyGroupStatus}}" and "status": "{{status}}" under the response object, and expose authType, attributeName and authTokenType as top-level keys inside response (e.g., response.authType: "{{authType}}", response.attributeName: "{{attributeName}}", response.authTokenType: "{{authTokenType}}") or duplicate those values at that level in addition to the existing response.policies structure so the test assertions referencing flat keys will bind (reference symbols: placeholders policyGroupStatus, status, authType, attributeName, authTokenType and the response.policies structure).api-test/src/main/resources/ida/PmsIntegration/GenerateMispLK/GenerateMispLK.yml-3-3 (1)
3-3:⚠️ Potential issue | 🟠 MajorThe endpoint
POST /v1/partnermanager/mispsdoes not match the documented MOSIP Partner Management API for generating MISP License Keys.According to official MOSIP documentation:
- Modern PMS (1.3.0-beta.3+): Generate license key using
POST /misp-licenses- Legacy PMS (1.1.5): Generate/download using
GET /misps/{mispId}/licenseKeyThe current endpoint is for creating/registering a MISP, not generating license keys. Update to the correct endpoint based on your MOSIP version.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/PmsIntegration/GenerateMispLK/GenerateMispLK.yml` at line 3, The configured endPoint in GenerateMispLK.yml is incorrect for generating MISP license keys; update the endPoint key (currently "/v1/partnermanager/misps") to the correct route for your MOSIP version: for Modern PMS (>=1.3.0-beta.3) set endPoint to "/v1/partnermanager/misp-licenses" (or "/misp-licenses" if your base path differs), or for Legacy PMS (1.1.5) set it to the GET path pattern "/v1/partnermanager/misps/{mispId}/licenseKey" and adjust method to GET; ensure the HTTP method in the same YAML operation matches the chosen endpoint and update any request/response schemas referenced by GenerateMispLK.yml accordingly.api-test/src/main/resources/ida/PmsIntegration/GenerateApiKey/GenerateApiKey.hbs-2-3 (1)
2-3:⚠️ Potential issue | 🟠 MajorReplace hardcoded
"id": "string"and"version": "string"with endpoint-specific values or dynamic placeholders.MOSIP PATCH requests validate
idandversionagainst the standard request envelope. These are mandatory fields that must match endpoint-specific values (not literal strings). For PMS endpoints,idtypically follows the patternmosip.partnermanagement.partners.<operation>andversionmust be a valid version number like"1.0". The current hardcoded"string"values will fail server-side validation and cause the test to fail with an "Invalid Input Parameter" error. Verify the exact expected values for the/partners/{partnerId}/generate/apikeyendpoint and update the template accordingly.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/PmsIntegration/GenerateApiKey/GenerateApiKey.hbs` around lines 2 - 3, Replace the hardcoded "id": "string" and "version": "string" in the GenerateApiKey.hbs template with the endpoint-specific values or dynamic placeholders used by PMS: set "id" to the MOSIP pattern for this operation (e.g. "mosip.partnermanagement.partners.generate.apikey" or use a template variable like {{requestId}} that resolves to that pattern) and set "version" to a valid version string such as "1.0" (or a {{version}} placeholder); update the keys in the template where "id" and "version" appear so the generated PATCH request matches the /partners/{partnerId}/generate/apikey envelope expected by the server.api-test/src/main/resources/ida/BioAuthDelegated/BioAuthDelegated.hbs-24-25 (1)
24-25:⚠️ Potential issue | 🟠 MajorDuplicate
envkey — same issue asBioAuthDelegatedNeg/BioAuthDelegated.hbs.
"env": "{{env}}"on Line 24 is immediately overridden by"env": "Staging"on Line 25. The placeholder is effectively dead code. Remove one of the two depending on intent.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/BioAuthDelegated/BioAuthDelegated.hbs` around lines 24 - 25, The template contains duplicate "env" properties: the placeholder "env": "{{env}}" is immediately overridden by "env": "Staging"; remove or reconcile the duplicate depending on intent—either delete the static "env": "Staging" so the template uses the passed-in variable (keep "env": "{{env}}"), or remove the placeholder and keep the static value (keep "env": "Staging"); make the change in the BioAuthDelegated.hbs file by editing the two "env" entries so only the intended one remains.api-test/src/main/resources/ida/BioAuthDelegated/BioAuthDelegated.hbs-9-14 (1)
9-14:⚠️ Potential issue | 🟠 MajorSame invalid
filtersarray issue as inBioAuthDelegatedNeg/BioAuthDelegated.hbs.The
{{#eachfilters}}block renders key-value pairs directly inside a JSON array, producing invalid JSON (e.g.,["bio": true]). Wrap each entry in{}to produce valid JSON objects within the array.🐛 Proposed fix
"filters": [ {{`#each` filters}} - "{{type}}": {{bio}} + {"{{type}}": {{bio}}} {{`#unless` `@last`}},{{/unless}} {{/each}} ],🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/BioAuthDelegated/BioAuthDelegated.hbs` around lines 9 - 14, The current {{`#each` filters}} block in the BioAuthDelegated.hbs template emits key:value pairs directly into a JSON array (e.g., ["bio": true]) which is invalid; change the loop to render each entry as a JSON object by wrapping the key/value in braces (i.e., for each iteration output { "<type>": <bio> }) and keep the existing {{`#unless` `@last`}} comma logic so the array becomes [ { "type": value }, { ... } ] — update the {{`#each` filters}} block accordingly (refer to the {{`#each` filters}}, {{type}}, {{bio}}, and {{`#unless` `@last`}} symbols).api-test/src/main/resources/ida/BioAuthDelegatedNeg/BioAuthDelegated.hbs-24-25 (1)
24-25:⚠️ Potential issue | 🟠 MajorDuplicate
envkey — template placeholder is dead code.Line 24 sets
"env": "{{env}}"but Line 25 immediately redeclares"env": "Staging". In JSON, the last value for a duplicate key wins, so the{{env}}placeholder will never take effect. Remove one of the two declarations depending on intent.🐛 Proposed fix (if env should always be "Staging")
- "env": "{{env}}", - "env": "Staging", + "env": "Staging",🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/BioAuthDelegatedNeg/BioAuthDelegated.hbs` around lines 24 - 25, The template has a duplicate "env" JSON key: the placeholder "env": "{{env}}" in BioAuthDelegated.hbs is overridden by the subsequent "env": "Staging"; remove the dead entry depending on intent—either delete the static "env": "Staging" to allow the {{env}} Handlebars placeholder to be used, or delete the "env": "{{env}}" line so the file always emits "env": "Staging"; update only one of the two lines (search for the exact "env" key in BioAuthDelegated.hbs) to keep a single definitive env declaration.api-test/src/main/resources/ida/BioAuthDelegatedNeg/BioAuthDelegated.hbs-9-14 (1)
9-14:⚠️ Potential issue | 🟠 Major
filtersarray renders invalid JSON — key-value pairs inside[].The
{{#eachfilters}}block renders"{{type}}": {{bio}}entries inside a JSON array. This produces output like["bio": true], which is not valid JSON. Arrays must contain values (objects, strings, numbers, etc.), not bare key-value pairs.If the intent is an array of objects, each entry should be wrapped in
{}:🐛 Proposed fix
"filters": [ {{`#each` filters}} - "{{type}}": {{bio}} + {"{{type}}": {{bio}}} {{`#unless` `@last`}},{{/unless}} {{/each}} ],🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/BioAuthDelegatedNeg/BioAuthDelegated.hbs` around lines 9 - 14, The filters block is currently emitting JSON key-value pairs directly inside an array (using {{`#each` filters}} with "{{type}}": {{bio}}), producing invalid JSON like ["bio": true]; change the each-item output to emit an object per entry by wrapping the key/value in braces so each iteration produces an object (use the same {{type}} and {{bio}} tokens), keep the existing {{`#unless` `@last`}} comma logic between items, and ensure the surrounding "filters": [ ... ] remains intact so the result is an array of objects instead of bare key-value pairs.api-test/src/main/resources/ida/AuthInternalLock/AuthInternalLock.yml-200-203 (1)
200-203:⚠️ Potential issue | 🟠 MajorDuplicate
uniqueIdentifierwill collide in reports.
TC_IDA_AuthInternalLock_07is already used byauth_AuthInternal_Lock_UIN_Unlock_WithSecs_BioAuth_Smoke_Pos. This new delegated test needs its own unique identifier to avoid collisions.✅ Suggested fix
- uniqueIdentifier: TC_IDA_AuthInternalLock_07 + uniqueIdentifier: TC_IDA_AuthInternalLock_11🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/AuthInternalLock/AuthInternalLock.yml` around lines 200 - 203, The test case auth_AuthInternal_Permanent_Lock_DemoAuthDelegate_Valid_Smoke_Pos is using a duplicate uniqueIdentifier value TC_IDA_AuthInternalLock_07 which collides with auth_AuthInternal_Lock_UIN_Unlock_WithSecs_BioAuth_Smoke_Pos; update the uniqueIdentifier field for auth_AuthInternal_Permanent_Lock_DemoAuthDelegate_Valid_Smoke_Pos to a new, unique ID (e.g., increment the suffix or follow your test-ID naming convention like TC_IDA_AuthInternalLock_08) so reports no longer collide, ensuring the YAML key uniqueIdentifier is changed and saved.api-test/src/main/resources/ida/BioAuthKycExchange/BioAuthKYCExchange.hbs-9-20 (1)
9-20:⚠️ Potential issue | 🟠 MajorArray iteration will silently render empty strings.
The MOSIP 1.2.0 KYC Exchange API defines
consentObtainedandlocalesas plain string arrays (e.g.,["text"]). Inside a Handlebars#eachover a plain string array,{{consentObtainedValue}}/{{localesValue}}look up a property namedconsentObtainedValue/localesValueon each element — which doesn't exist on a string. The correct iterator for simple string arrays is{{this}}.🐛 Proposed fix
"consentObtained": [ {{`#each` consentObtained}} - "{{consentObtainedValue}}" + "{{this}}" {{`#unless` `@last`}},{{/unless}} {{/each}} ], "locales": [ {{`#each` locales}} - "{{localesValue}}" + "{{this}}" {{`#unless` `@last`}},{{/unless}} {{/each}} ],🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/BioAuthKycExchange/BioAuthKYCExchange.hbs` around lines 9 - 20, The template iterates over plain string arrays consentObtained and locales but uses non-existent properties consentObtainedValue/localesValue, which will render empty strings; update the Handlebars each blocks in BioAuthKYCExchange.hbs to output the current string element using {{this}} (and keep the existing comma/last-item logic) so each array element renders correctly as a string value.api-test/src/main/resources/ida/OtpAuthDelegatedNeg/OtpAuthDelegatedNeg.hbs-16-16 (1)
16-16:⚠️ Potential issue | 🟠 Major
{{transactionId}}case mismatch — substitution will fail at runtime.Every other template in this PR uses
{{transactionID}}(uppercaseD), which also matches the MOSIP API field nametransactionID. If the test data supplies the key astransactionID, this placeholder will not be substituted, producing an empty or unresolved value in the request.🐛 Proposed fix
- "transactionID": "{{transactionId}}", + "transactionID": "{{transactionID}}",🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/OtpAuthDelegatedNeg/OtpAuthDelegatedNeg.hbs` at line 16, The template uses the placeholder {{transactionId}} with a lowercase "d" which mismatches the rest of the templates and the MOSIP API field name; update the placeholder to {{transactionID}} so it matches the provided test data key and other templates (replace occurrences of {{transactionId}} with {{transactionID}} in the OtpAuthDelegatedNeg template).api-test/src/main/resources/ida/OtpAuthDelegatedNeg/OtpAuthDelegatedNeg.yml-547-552 (1)
547-552:⚠️ Potential issue | 🟠 MajorTC_15 and TC_20 reference the wrong
sendOtpReqTemplatepath.Both cases use
"ida/OtpAuth/sendOtp"instead of"ida/OtpAuthDelegatedNeg/sendOtp". Every other test case in this file (and thesendOtp.hbsasset) lives underOtpAuthDelegatedNeg/. Using the baseOtpAuthtemplate could produce an incorrect OTP request, causing unexpected OTP send behaviour and masking the actual negative-path error being tested.🐛 Proposed fix (apply to both occurrences)
- "sendOtpReqTemplate": "ida/OtpAuth/sendOtp", + "sendOtpReqTemplate": "ida/OtpAuthDelegatedNeg/sendOtp",Also applies to: 732-737
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/OtpAuthDelegatedNeg/OtpAuthDelegatedNeg.yml` around lines 547 - 552, The sendOtpReqTemplate values for the negative delegated OTP tests are pointing to the wrong template; locate the entries where the YAML key "sendOtpReqTemplate" is set to "ida/OtpAuth/sendOtp" (used by TC_15 and TC_20 in OtpAuthDelegatedNeg) and change them to "ida/OtpAuthDelegatedNeg/sendOtp" so the tests use the correct delegated template and asset; update both occurrences mentioned (also the similar pair near lines 732-737).api-test/src/main/resources/ida/DemoAuthKycExchange/DemoAuthKycExchange.yml-35-49 (1)
35-49:⚠️ Potential issue | 🟠 MajorMultiple VID-based test cases incorrectly specify
"individualIdType": "UIN"— this will cause all affected positive tests to fail.TC_02, TC_04, TC_05, TC_07, TC_08, TC_17, TC_19, and TC_20 all resolve their
individualIdfrom VID-generating placeholders (e.g.,$ID:GenerateVID_..._sid_vid$) but setindividualIdTypeto"UIN". The API uses this field to route identity resolution; supplying a VID value with type"UIN"will likely result in an identity-not-found or type-mismatch error, turning all these positive test cases into false failures. Compare withBioAuthKYCExchange.ymlwhere VID test cases correctly use"VID".🐛 Proposed fix — apply to all eight affected cases
- "individualIdType": "UIN", + "individualIdType": "VID",Apply to the
individualIdTypefield of TC_02 (line 39), TC_04 (line 87), TC_05 (line 111), TC_07 (line 159), TC_08 (line 183), TC_17 (line 375), TC_19 (line 399), TC_20 (line 423).Also applies to: 83-97, 107-121, 155-169, 179-193, 371-385, 395-409, 419-433
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/DemoAuthKycExchange/DemoAuthKycExchange.yml` around lines 35 - 49, Several positive test cases (TC_02, TC_04, TC_05, TC_07, TC_08, TC_17, TC_19, TC_20) set individualId using VID-generating placeholders (e.g., $ID:GenerateVID_for_EkycDemo_Dob_sid_vid$) but incorrectly use "individualIdType": "UIN"; update each of those test cases to set "individualIdType": "VID" instead so the API routes identity resolution correctly—search for the listed TC_* blocks in DemoAuthKycExchange.yml and replace the individualIdType value from "UIN" to "VID" for those cases.api-test/src/main/resources/ida/BioAuthKycExchange/BioAuthKYCExchange.yml-3-3 (1)
3-3:⚠️ Potential issue | 🟠 MajorSame invisible U+200B zero-width space present in all endpoint URLs in this file.
This is the same issue flagged in
OtpAuthDelegatedNeg.yml. EveryendPointacross all 27 test cases in this file is affected. Please strip the hidden character from all endpoint values.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/BioAuthKycExchange/BioAuthKYCExchange.yml` at line 3, The endPoint strings in BioAuthKYCExchange.yml contain a hidden U+200B zero-width space; remove that invisible character from every endPoint value (all 27 test cases) so URLs like the one containing $partialPartnerKeyUrl$ and $ID:CreateOIDCClient_Misp_Valid_Smoke_sid_clientId$ no longer include U+200B. Fix by searching for U+200B (or copy/paste the problematic URL) and stripping it from each endPoint entry (or run a global find-and-replace for the zero-width space), then save the YAML as UTF-8 to ensure no hidden characters remain.api-test/src/main/resources/ida/OtpAuthDelegated/OtpAuthDelegated.yml-3-3 (1)
3-3:⚠️ Potential issue | 🟠 MajorSame invisible U+200B zero-width space present in all endpoint URLs in this file.
Same issue as in
OtpAuthDelegatedNeg.yml; all six endpoint values are affected.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/OtpAuthDelegated/OtpAuthDelegated.yml` at line 3, The endpoint strings in OtpAuthDelegated.yml contain invisible U+200B zero-width spaces inside the endPoint values (e.g., the value containing $partialPartnerKeyUrl$ and $ID:CreateOIDCClient_Misp_Valid_Smoke_sid_clientId$); remove all U+200B characters from every endPoint value in this file (all six entries) so the URLs read continuously (e.g., /idauthentication/v1/kyc-auth/delegated/$partialPartnerKeyUrl$/$ID:CreateOIDCClient_Misp_Valid_Smoke_sid_clientId$) and verify no other invisible whitespace remains.api-test/src/main/resources/ida/DemoAuthKycExchange/DemoAuthKycExchange.yml-3-3 (1)
3-3:⚠️ Potential issue | 🟠 MajorSame invisible U+200B zero-width space present in all endpoint URLs in this file.
Same issue as in the other YAML files in this PR; all 21 endpoint values are affected.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/DemoAuthKycExchange/DemoAuthKycExchange.yml` at line 3, The endPoint values (e.g., the endPoint entry containing "/idauthentication/v1/kyc-exchange/delegated/$partialPartnerKeyUrl$/$ID:CreateOIDCClient_Misp_Valid_Smoke_sid_clientId$") contain an invisible U+200B zero-width space; remove the U+200B from all endpoint strings in the file (all 21 endPoint entries) by deleting or replacing the invisible character (or run a project-wide search-and-replace for \u200B) so each endPoint value is a clean continuous URL token.api-test/src/main/resources/ida/OtpAuthDelegated/OtpAuthDelegated.yml-88-96 (1)
88-96:⚠️ Potential issue | 🟠 MajorTC_03 uses wrong
sendOtpReqTemplatepath —ida/OtpAuth/sendOtpinstead ofida/OtpAuthDelegated/sendOtp.All other test cases in this file use the delegated template. The inconsistency can result in a non-delegated OTP request payload being sent, causing OTP delivery failure and a false-negative on the positive test.
🐛 Proposed fix
- "sendOtpReqTemplate": "ida/OtpAuth/sendOtp", + "sendOtpReqTemplate": "ida/OtpAuthDelegated/sendOtp",🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/OtpAuthDelegated/OtpAuthDelegated.yml` around lines 88 - 96, The sendOtp test case (object "sendOtp" / TC_03) uses the wrong sendOtpReqTemplate value "ida/OtpAuth/sendOtp"; update the sendOtpReqTemplate to "ida/OtpAuthDelegated/sendOtp" so this case uses the delegated payload template (also verify the surrounding keys otpIdentyEnryptRequestPath and sendOtpEndPoint remain unchanged). Ensure the change is applied to the "sendOtp" object in the OtpAuthDelegated.yml so it matches the other delegated test cases.api-test/src/main/resources/ida/OtpAuthDelegatedNeg/OtpAuthDelegatedNeg.yml-3-3 (1)
3-3:⚠️ Potential issue | 🟠 MajorStrip U+200B zero-width space from all endpoint URLs in delegated auth and KYC exchange test files.
A Unicode zero-width space (U+200B) is embedded in endpoint URLs across 11 YAML test files, affecting 177 test cases:
BioAuthDelegated.yml,BioAuthDelegatedNeg.yml,BioAuthDelegatedV2.ymlBioAuthKYCExchange.yml,BioAuthKycExchangeV2.ymlDemoAuthDelegated.yml,DemoAuthDelegatedNeg.yml,DemoAuthKycExchange.ymlOtpAuthDelegated.yml,OtpAuthDelegatedNeg.yml,OtpAuthKycExchange.ymlThe character appears between
$partialPartnerKeyUrl$and the next path segment in every endpoint, making the URLs malformed. Requests will fail with 404 or unexpected routing errors at runtime.Example from OtpAuthDelegatedNeg.yml line 3
/idauthentication/v1/kyc-auth/delegated/$partialPartnerKeyUrl$/$ID:CreateOIDCClient_Misp_Valid_Smoke_sid_clientId$ ^ U+200B hereRemove the zero-width space from all affected endpoint values.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/OtpAuthDelegatedNeg/OtpAuthDelegatedNeg.yml` at line 3, The endPoint strings in delegated auth and KYC exchange YAMLs contain a hidden U+200B zero-width space between the token "$partialPartnerKeyUrl$" and the following path segment which breaks routing; open each affected file (e.g., OtpAuthDelegatedNeg.yml and the other listed files) and remove the invisible U+200B character from the endPoint value (the "endPoint:" entries), ensuring the URL reads "/idauthentication/v1/kyc-auth/delegated/$partialPartnerKeyUrl$/$ID:..." with no hidden characters; scan all endPoint fields in the 11 files to remove any additional U+200B occurrences.
ℹ️ Review info
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (103)
api-test/src/main/java/io/mosip/testrig/apirig/auth/testscripts/DemoAuth.javaapi-test/src/main/java/io/mosip/testrig/apirig/auth/testscripts/OtpAuthNew.javaapi-test/src/main/resources/ida/AddIdentity/AddIdentity.ymlapi-test/src/main/resources/ida/AuthInternalLock/AuthInternalLock.ymlapi-test/src/main/resources/ida/BioAuthDelegated/BioAuthDelegated.hbsapi-test/src/main/resources/ida/BioAuthDelegated/BioAuthDelegated.ymlapi-test/src/main/resources/ida/BioAuthDelegated/BioAuthIdentityEncrypt.hbsapi-test/src/main/resources/ida/BioAuthDelegated/BioKYCAuthDelegatedResult.hbsapi-test/src/main/resources/ida/BioAuthDelegatedNeg/BioAuthDelegated.hbsapi-test/src/main/resources/ida/BioAuthDelegatedNeg/BioAuthDelegatedNeg.ymlapi-test/src/main/resources/ida/BioAuthDelegatedNeg/BioAuthIdentityEncrypt.hbsapi-test/src/main/resources/ida/BioAuthDelegatedNeg/BioKYCAuthDelegatedResult.hbsapi-test/src/main/resources/ida/BioAuthKycExchange/BioAuthKYCExchange.hbsapi-test/src/main/resources/ida/BioAuthKycExchange/BioAuthKYCExchange.ymlapi-test/src/main/resources/ida/BioAuthKycExchange/BioAuthKYCExchangeResult.hbsapi-test/src/main/resources/ida/BioAuthKycExchange/BioAuthKYCExchangeV2.hbsapi-test/src/main/resources/ida/DelegateError.hbsapi-test/src/main/resources/ida/DemoAuthDelegated/DemoAuthDelegated.hbsapi-test/src/main/resources/ida/DemoAuthDelegated/DemoAuthDelegated.ymlapi-test/src/main/resources/ida/DemoAuthDelegated/DemoAuthDelegatedResult.hbsapi-test/src/main/resources/ida/DemoAuthDelegated/DemoIdentityEncrypt.hbsapi-test/src/main/resources/ida/DemoAuthDelegated/DemoIdentityEncryptGender.hbsapi-test/src/main/resources/ida/DemoAuthDelegated/DemoIdentityEncryptGenderRS.hbsapi-test/src/main/resources/ida/DemoAuthDelegated/DemoIdentityEncryptInvalid.hbsapi-test/src/main/resources/ida/DemoAuthDelegated/DemoIdentityEncryptName.hbsapi-test/src/main/resources/ida/DemoAuthDelegatedNeg/DemoAuthDelegated.hbsapi-test/src/main/resources/ida/DemoAuthDelegatedNeg/DemoAuthDelegatedNeg.ymlapi-test/src/main/resources/ida/DemoAuthDelegatedNeg/DemoAuthDelegatedResult.hbsapi-test/src/main/resources/ida/DemoAuthDelegatedNeg/DemoIdentityEncrypt.hbsapi-test/src/main/resources/ida/DemoAuthDelegatedNeg/DemoIdentityEncryptGender.hbsapi-test/src/main/resources/ida/DemoAuthDelegatedNeg/DemoIdentityEncryptGenderRS.hbsapi-test/src/main/resources/ida/DemoAuthDelegatedNeg/DemoIdentityEncryptInvalid.hbsapi-test/src/main/resources/ida/DemoAuthDelegatedNeg/DemoIdentityEncryptName.hbsapi-test/src/main/resources/ida/DemoAuthKycExchange/DemoAuthKycExchange.hbsapi-test/src/main/resources/ida/DemoAuthKycExchange/DemoAuthKycExchange.ymlapi-test/src/main/resources/ida/DemoAuthKycExchange/DemoAuthKycExchangeResult.hbsapi-test/src/main/resources/ida/GenerateVID/createGenerateVID.ymlapi-test/src/main/resources/ida/OtpAuthDelegated/OtpAuthDelegated.hbsapi-test/src/main/resources/ida/OtpAuthDelegated/OtpAuthDelegated.ymlapi-test/src/main/resources/ida/OtpAuthDelegated/OtpAuthDelegatedResult.hbsapi-test/src/main/resources/ida/OtpAuthDelegated/OtpIdentityEncrypt.jsonapi-test/src/main/resources/ida/OtpAuthDelegated/Sendotperror.hbsapi-test/src/main/resources/ida/OtpAuthDelegated/sendOtp.hbsapi-test/src/main/resources/ida/OtpAuthDelegated/sendOtpRes.hbsapi-test/src/main/resources/ida/OtpAuthDelegatedNeg/OtpAuthDelegatedNeg.hbsapi-test/src/main/resources/ida/OtpAuthDelegatedNeg/OtpAuthDelegatedNeg.ymlapi-test/src/main/resources/ida/OtpAuthDelegatedNeg/OtpIdentityEncrypt.jsonapi-test/src/main/resources/ida/OtpAuthDelegatedNeg/Sendotperror.hbsapi-test/src/main/resources/ida/OtpAuthDelegatedNeg/sendOtp.hbsapi-test/src/main/resources/ida/OtpAuthDelegatedNeg/sendOtpRes.hbsapi-test/src/main/resources/ida/OtpAuthKycExchange/OtpAuthKycExchange.hbsapi-test/src/main/resources/ida/OtpAuthKycExchange/OtpAuthKycExchange.ymlapi-test/src/main/resources/ida/OtpAuthKycExchange/OtpAuthKycExchangeResult.hbsapi-test/src/main/resources/ida/PmsIntegration/ApproveAPIKey/ApproveAPIKey.ymlapi-test/src/main/resources/ida/PmsIntegration/ApproveAPIKey/approveAPIKey.hbsapi-test/src/main/resources/ida/PmsIntegration/ApproveAPIKey/approveAPIKeyResult.hbsapi-test/src/main/resources/ida/PmsIntegration/CreatePartner/CreatePartner.ymlapi-test/src/main/resources/ida/PmsIntegration/CreatePartner/createPartner.hbsapi-test/src/main/resources/ida/PmsIntegration/CreatePartner/createPartnerResult.hbsapi-test/src/main/resources/ida/PmsIntegration/DeactivatePolicy/DeactivatePolicy.hbsapi-test/src/main/resources/ida/PmsIntegration/DeactivatePolicy/DeactivatePolicy.ymlapi-test/src/main/resources/ida/PmsIntegration/DefinePolicy/DefinePolicy.ymlapi-test/src/main/resources/ida/PmsIntegration/DefinePolicy/definePolicy.hbsapi-test/src/main/resources/ida/PmsIntegration/DefinePolicy/definePolicyInvalid.hbsapi-test/src/main/resources/ida/PmsIntegration/DefinePolicy/definePolicyInvalid2.hbsapi-test/src/main/resources/ida/PmsIntegration/DefinePolicy/definePolicyMisp.hbsapi-test/src/main/resources/ida/PmsIntegration/DefinePolicy/definePolicyMisp1.hbsapi-test/src/main/resources/ida/PmsIntegration/DefinePolicy/definePolicyMisp2.hbsapi-test/src/main/resources/ida/PmsIntegration/DefinePolicy/definePolicyMispFalse.hbsapi-test/src/main/resources/ida/PmsIntegration/DefinePolicy/definePolicyNonAuth.hbsapi-test/src/main/resources/ida/PmsIntegration/DefinePolicy/definePolicyResult.hbsapi-test/src/main/resources/ida/PmsIntegration/DefinePolicy/definePolicyWOPhone.hbsapi-test/src/main/resources/ida/PmsIntegration/DefinePolicyGroup/DefinePolicyGroup.ymlapi-test/src/main/resources/ida/PmsIntegration/DefinePolicyGroup/definePolicyGroup.hbsapi-test/src/main/resources/ida/PmsIntegration/DefinePolicyGroup/definePolicyGroupResult.hbsapi-test/src/main/resources/ida/PmsIntegration/GenerateApiKey/GenerateApiKey.hbsapi-test/src/main/resources/ida/PmsIntegration/GenerateApiKey/GenerateApiKey.ymlapi-test/src/main/resources/ida/PmsIntegration/GenerateApiKey/GenerateApiKeyResult.hbsapi-test/src/main/resources/ida/PmsIntegration/GenerateMispLK/GenerateMispLK.hbsapi-test/src/main/resources/ida/PmsIntegration/GenerateMispLK/GenerateMispLK.ymlapi-test/src/main/resources/ida/PmsIntegration/GenerateMispLK/GenerateMispLKResult.hbsapi-test/src/main/resources/ida/PmsIntegration/OidcClient/OIDCClient.hbsapi-test/src/main/resources/ida/PmsIntegration/OidcClient/OIDCClient.ymlapi-test/src/main/resources/ida/PmsIntegration/OidcClient/OIDCClientResult.hbsapi-test/src/main/resources/ida/PmsIntegration/PublishPolicy/PublishPolicy.ymlapi-test/src/main/resources/ida/PmsIntegration/PublishPolicy/publishPolicy.hbsapi-test/src/main/resources/ida/PmsIntegration/PublishPolicy/publishPolicyResult.hbsapi-test/src/main/resources/ida/PmsIntegration/RequestAPIKey/RequestAPIKey.ymlapi-test/src/main/resources/ida/PmsIntegration/RequestAPIKey/requestAPIKeyResult.hbsapi-test/src/main/resources/ida/PmsIntegration/RequestAPIKey/requestApiKey.hbsapi-test/src/main/resources/ida/PmsIntegration/UpdatePartnerCertificate/UpdatePartnerCertificate.ymlapi-test/src/main/resources/ida/PmsIntegration/UpdatePartnerCertificate/updatePartnerCertificate.hbsapi-test/src/main/resources/ida/PmsIntegration/UpdatePartnerCertificate/updatePartnerCertificateResult.hbsapi-test/src/main/resources/ida/PmsIntegration/UpdatePolicy/UpdatePolicy.hbsapi-test/src/main/resources/ida/PmsIntegration/UpdatePolicy/UpdatePolicy.ymlapi-test/src/main/resources/ida/PmsIntegration/UpdatePolicy/error.hbsapi-test/src/main/resources/ida/PmsIntegration/UploadCert/UploadCert.ymlapi-test/src/main/resources/ida/PmsIntegration/UploadCert/uploadCert.hbsapi-test/src/main/resources/ida/PmsIntegration/UploadCert/uploadCertResult.hbsapi-test/src/main/resources/ida/PmsIntegration/UploadCertificate/UploadCertificate.ymlapi-test/src/main/resources/ida/PmsIntegration/UploadCertificate/uploadCertificate.hbsapi-test/src/main/resources/ida/PmsIntegration/UploadCertificate/uploadCertificateResult.hbsapi-test/testNgXmlFiles/authSuite.xml
api-test/src/main/resources/ida/BioAuthDelegatedNeg/BioAuthDelegatedNeg.yml
Outdated
Show resolved
Hide resolved
api-test/src/main/resources/ida/DemoAuthDelegatedNeg/DemoAuthDelegatedNeg.yml
Outdated
Show resolved
Hide resolved
api-test/src/main/resources/ida/OtpAuthKycExchange/OtpAuthKycExchange.yml
Outdated
Show resolved
Hide resolved
api-test/src/main/resources/ida/PmsIntegration/OidcClient/OIDCClient.yml
Outdated
Show resolved
Hide resolved
added 2 commits
February 24, 2026 11:15
Signed-off-by: Likhitha R L <likhitha.rl@technoforte.co.in>
Signed-off-by: Likhitha R L <likhitha.rl@technoforte.co.in>
There was a problem hiding this comment.
Actionable comments posted: 15
♻️ Duplicate comments (2)
api-test/src/main/resources/ida/OtpAuthKycExchange/OtpAuthKycExchange.yml (1)
3-3: Verify there’s no zero‑width space (U+200B) inendPointvalues.This was flagged in earlier reviews and isn’t visible in diffs; please confirm the file is clean.
#!/bin/bash # Search for zero‑width space in the YAML file (expect no matches). rg -n $'\u200B' api-test/src/main/resources/ida/OtpAuthKycExchange/OtpAuthKycExchange.ymlAlso applies to: 27-27, 51-51, 75-75, 99-99, 123-123
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/OtpAuthKycExchange/OtpAuthKycExchange.yml` at line 3, Check the endPoint entries (the YAML key "endPoint" and specifically the value '/idauthentication/v1/kyc-exchange/delegated/$partialPartnerKeyUrl$/$ID:CreateOIDCClient_Misp_Valid_Smoke_sid_clientId$') for any zero‑width space (U+200B) characters and remove them if present; run a Unicode-aware search for U+200B across all endPoint values in this resource to verify there are no hidden characters in the other endpoint entries and commit the cleaned file.api-test/src/main/resources/ida/BioAuthDelegatedNeg/BioAuthDelegatedNeg.yml (1)
809-810:⚠️ Potential issue | 🟠 MajorInvisible U+200B character likely still present in the dummy partner key endpoint.
Line 810 uses a different placeholder (
$a2673y3g3grURL$) than the standard$partialPartnerKeyUrl$. The previous fix targeted the standard placeholder — verify this endpoint was also cleaned. The raw YAML shows a suspicious character between$a2673y3g3grURL$and/$ID:....#!/bin/bash # Check for U+200B in BioAuthDelegatedNeg.yml around line 810 python3 << 'EOF' with open("api-test/src/main/resources/ida/BioAuthDelegatedNeg/BioAuthDelegatedNeg.yml", "r", encoding="utf-8") as f: lines = f.readlines() for i, line in enumerate(lines, 1): if '\u200b' in line: pos = line.index('\u200b') print(f"Line {i}, col {pos}: U+200B found") print(f" Context: ...{repr(line[max(0,pos-30):pos+30])}...") if not any('\u200b' in l for l in lines): print("No U+200B found in this file.") EOF🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/BioAuthDelegatedNeg/BioAuthDelegatedNeg.yml` around lines 809 - 810, The endpoint value for auth_BioAuthDelegatedNeg_with_dummy_partnerkey_uin contains a hidden U+200B between the placeholder $a2673y3g3grURL$ and the subsequent path segment; open the value for that key (auth_BioAuthDelegatedNeg_with_dummy_partnerkey_uin) and remove the invisible U+200B character so the endpoint reads ".../$a2673y3g3grURL$/$ID:CreateOIDCClient_Misp_Valid_Smoke_sid_clientId$" (no hidden chars), then scan the file for other occurrences of U+200B (or the alternate placeholder $partialPartnerKeyUrl$) and remove any found to ensure all partner-key endpoints are clean.
🧹 Nitpick comments (4)
api-test/src/main/resources/ida/DemoAuthKycExchange/DemoAuthKycExchange.yml (3)
194-196: Test case IDs TC_09 and TC_18 are missing from the sequence.The
uniqueIdentifiernumbering skips from TC_08 (line 172) to TC_10 (line 196) and from TC_17 (line 364) to TC_19 (line 388). If corresponding scenarios exist upstream (e.g., delegated auth tests that producekycTokenvalues for TC_09/TC_18), the exchange-side coverage is incomplete. If the gaps are intentional, a brief comment in the file noting the reason would help future maintainers.Also applies to: 386-388
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/DemoAuthKycExchange/DemoAuthKycExchange.yml` around lines 194 - 196, The uniqueIdentifier sequence for DemoAuthKycExchange is skipping TC_09 and TC_18 (e.g., the entry with endPoint auth_DemoAuthKycExchange_DemoAuth_same_Name1_Valid_uin_Smoke_Pos currently uses uniqueIdentifier TC_IDA_DemoAuthKycExchange_10), so either add the missing exchange test cases with uniqueIdentifier TC_IDA_DemoAuthKycExchange_09 and TC_IDA_DemoAuthKycExchange_18 (matching their upstream delegated scenarios and endpoints) or if the gaps are intentional, add a concise inline comment near the surrounding entries explaining why TC_09 and TC_18 are omitted; locate edits by searching for uniqueIdentifier values like TC_IDA_DemoAuthKycExchange_08/_10 and the endPoint name to insert or comment appropriately.
23-25: All test cases have emptyoutputblocks — no positive assertions on KYC exchange response data.Every scenario's
outputis'{ }', relying solely oncheckErrorsOnlyInResponse: true. While understandable if the response is JWE-encrypted and can't be statically asserted, consider adding at least structural checks (e.g., verifying the response contains expected top-level keys) to catch regressions beyond "no error returned."Also applies to: 47-49
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/DemoAuthKycExchange/DemoAuthKycExchange.yml` around lines 23 - 25, The scenarios in DemoAuthKycExchange.yml have empty output blocks (output: '{}' ) and rely solely on checkErrorsOnlyInResponse: true; update each scenario's output to include minimal structural assertions (e.g., top-level keys expected in the KYC exchange response such as "status", "payload", "jwe" or "metadata") so tests validate response shape even when encrypted—locate the output entries in the YAML and replace '{}' with a small JSON object listing expected top-level keys (or placeholders) that the test harness will check, while keeping checkErrorsOnlyInResponse as needed.
1-481: Consider YAML anchors/aliases to reduce boilerplate across 18 near-identical test cases.Every test case repeats the same
endPoint,role,restMethod,checkErrorsOnlyInResponse,inputTemplate,outputTemplate, and large portions of theinputJSON. YAML anchors (&defaults) and merge keys (<<: *defaults) would cut the file size significantly and make maintenance easier — a change to a shared field would only need to happen in one place.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/DemoAuthKycExchange/DemoAuthKycExchange.yml` around lines 1 - 481, Create a YAML anchor (e.g., &defaults) under the DemoAuthKycExchange mapping that contains the shared fields (endPoint, role, restMethod, checkErrorsOnlyInResponse, inputTemplate, outputTemplate and the common parts of the input JSON like requestTime, transactionID, individualIdType, id, version, consentObtained, locales, respType); then for each test case key (e.g., auth_DemoAuthKycExchange_DemoAuth_DOB_Valid_Smoke_UIN, auth_DemoAuthKycExchange_DemoAuth_Email_Valid_Smoke_Pos_VID, etc.) merge the anchor using <<: *defaults and only override the unique fields (uniqueIdentifier, description, input individualId and kycToken, and output) so the repeated boilerplate is removed and maintenance is centralized.api-test/src/main/resources/ida/BioAuthDelegatedNeg/BioAuthDelegatedNeg.yml (1)
1-45: Test case naming includes "Pos" suffix in a negative test file.Several test keys in this negative-test YAML contain
_Posor_Smoke_Posin their names (e.g.,auth_BioAuthDelegatedNeg_Biometric_Face_With_Infant_uin_Smoke_Pos,auth_BioAuthDelegatedNeg_Biometric_Face_With_Revoked_VID_Valid_Smoke_Pos). Since these are all expected to fail with error codes, the_Possuffix is misleading. Consider renaming to_Negfor consistency.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/BioAuthDelegatedNeg/BioAuthDelegatedNeg.yml` around lines 1 - 45, Rename the misleading test keys that include the "_Pos" or "_Smoke_Pos" suffix in this negative test YAML (for example auth_BioAuthDelegatedNeg_Biometric_Face_With_Infant_uin_Smoke_Pos and auth_BioAuthDelegatedNeg_Biometric_Face_With_Revoked_VID_Valid_Smoke_Pos) to use a "_Neg" (or "_Smoke_Neg") suffix so names reflect expected failure; update each test key string while keeping the rest of the mapping (uniqueIdentifier, endPoint, input/output templates, and payloads such as the BioAuthDelegated entry) unchanged so references remain consistent.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@api-test/src/main/resources/ida/BioAuthDelegatedNeg/BioAuthDelegatedNeg.yml`:
- Around line 719-722: Fix the typo in the description field for the test case
key auth_BioAuthDelegatedNeg_Biometric_Face_Lock_uin_Permanent_: change
"permanetly locked UIN" to "permanently locked UIN" in the description value to
correct spelling.
In `@api-test/src/main/resources/ida/BioAuthKycExchange/BioAuthKYCExchange.yml`:
- Line 197: The YAML scenario description values are inconsistent with their
scenario names (e.g., the description currently reads "Biometric LeftIndexFinger
KYC exchange auth with valid UIN"); update the description fields at the two
places where this occurs so they match the corresponding scenario names (use
"LeftIndexFinger" or "RightIndexFinger" to match each scenario exactly),
ensuring the description key value reflects the correct finger side for both
occurrences.
- Around line 530-546: The negative test case
auth_BioAuthKycExchange_Biometric_with_already_used_kyc_Token_VID_Neg is flaky
because it reuses kycToken from
ID:BioAuthDelegated_Biometric_LeftThumb_With_Valid_VID_Smoke_Pos_Sid_kycToken
produced elsewhere; make it deterministic by adding an explicit pre-step that
consumes or invalidates that token before the main POST (e.g., call the same
kyc-exchange endpoint or a token-invalidate fixture) so the kycToken field in
this test's input is guaranteed to be "already used"; update the test YAML to
include that pre-step or reference a dedicated fixture that
generates-and-consumes the token prior to running
auth_BioAuthKycExchange_Biometric_with_already_used_kyc_Token_VID_Neg.
- Line 10: The outputTemplate path in BioAuthKYCExchange.yml points to a
non-existent template (ida/BioAuthKycExchange/BioKYCAuthDelegatedResult); either
add the missing BioKYCAuthDelegatedResult.hbs into the BioAuthKycExchange
directory or update all outputTemplate entries in BioAuthKYCExchange.yml (24
occurrences) to the correct existing location
ida/BioAuthDelegated/BioKYCAuthDelegatedResult so the template resolver can find
the file during tests.
- Around line 19-20: The embedded JSON-like objects in the YAML under the arrays
"consentObtained" and "locales" use unquoted object keys (e.g.,
consentObtainedValue, localesValue) which is invalid JSON; update those entries
so all object keys are quoted (e.g., "consentObtainedValue": "gender",
"localesValue": "eng") and scan the file for any other unquoted keys and quote
them as well so the payload is valid JSON for Jackson/ObjectMapper.
In
`@api-test/src/main/resources/ida/DemoAuthDelegatedNeg/DemoAuthDelegatedNeg.yml`:
- Around line 770-772: The uniqueIdentifier sequence skipped
TC_IDA_DemoAuthDelegatedNeg_25 between TC_IDA_DemoAuthDelegatedNeg_24 and
TC_IDA_DemoAuthDelegatedNeg_26; update the uniqueIdentifier for the
auth_DemoAuthDelegatedNeg_DOB_InValid_individualId_VID entry to the missing
sequential value (TC_IDA_DemoAuthDelegatedNeg_25) or renumber the surrounding
test cases so identifiers are contiguous, ensuring the field uniqueIdentifier in
this YAML entry is corrected.
- Around line 10-13: The individualId placeholder is missing the colon so
placeholder replacement fails; update the input JSON's individualId value from
"$IDlock_DemoAuth_withValidParameters_smoke_Pos_UIN$" to
"$ID:lock_DemoAuth_withValidParameters_smoke_Pos_UIN$" (i.e., insert the colon
after $ID) so the placeholder resolver recognizes it; check the input block
where individualId is set to ensure the corrected token is used.
- Around line 1092-1120: The test case
auth_DemoAuthDelegatedNeg_with_Deactivated_UIN (uniqueIdentifier
TC_IDA_DemoAuthDelegatedNeg_37) is using outputTemplate: ida/error but all peers
expect ida/DelegateError; update the outputTemplate field for this test to
"ida/DelegateError" so response validation uses the same DelegateError template
as the other cases and avoid mismatched validation.
In `@api-test/src/main/resources/ida/DemoAuthKycExchange/DemoAuthKycExchange.yml`:
- Around line 98-121: The test case
auth_DemoAuthKycExchange_DemoAuth_Email_Valid_Smoke_Poss_VID is a duplicate/typo
of the TC_04 variant (Pos vs Poss) and will fail if the corresponding upstream
placeholder DemoAuthDelegated_DemoAuth_Email_Valid_Smoke_Poss_VID does not
exist; either remove this test entry or rename/fix it to match the intended
scenario: correct the key to
auth_DemoAuthKycExchange_DemoAuth_Email_Valid_Smoke_Pos_VID (and update any
related description) or, if it is meant to be distinct, change the
payload/individualId/kycToken placeholders (e.g., the kycToken placeholder
ID:DemoAuthDelegated_...) and description to clearly differentiate it from the
TC_04 case so the $ID:..._kycToken$ resolves correctly.
- Around line 37-39: The YAML has eight test cases where individualId uses
GenerateVID_* placeholders but individualIdType is incorrectly set to "UIN";
update those to "VID". Locate the entries with keys individualId and
individualIdType that reference GenerateVID_for_EkycDemo_* (e.g., the block
showing "individualId": "$ID:GenerateVID_for_EkycDemo_Dob_sid_vid$") and change
the corresponding individualIdType value from "UIN" to "VID" for test cases
TC_02, TC_04, TC_05, TC_07, TC_08, TC_17, TC_19, and TC_20 (also at the other
listed occurrences matching lines 85–87, 109–111, 157–159, 181–183, 373–375,
397–399, 421–423).
In `@api-test/src/main/resources/ida/OtpAuthDelegatedNeg/OtpAuthDelegatedNeg.yml`:
- Line 29: The output strings for test cases TC_01 through TC_09 include a
literal tab before the JSON opening brace (e.g., lines showing "output: ' {"),
causing inconsistent leading whitespace; remove the leading tab so each output
value begins with the single-quote immediately followed by "{" (e.g., "output:
'{") for the affected test cases (refer to TC_01..TC_09 in
OtpAuthDelegatedNeg.yml) and ensure subsequent closing quotes and JSON
formatting remain unchanged.
- Around line 375-378: The test case uniqueIdentifier value is missing the
required IDA_ prefix; update the uniqueIdentifier for the test case key
auth_OtpAuthDelegatedNeg_OTP_Auth_With_Blank_individualId_uin_neg by changing
TC_OtpAuthDelegatedNeg_11 to TC_IDA_OtpAuthDelegatedNeg_11 so it matches the
naming convention used across this file (edit the uniqueIdentifier field for
that test case).
- Around line 527-553: The two negative delegated tests (uniqueIdentifier
TC_IDA_OtpAuthDelegatedNeg_15 and the other TC_20) reference
"ida/OtpAuth/sendOtp" for sendOtpReqTemplate while the rest use
"ida/OtpAuthDelegatedNeg/sendOtp"; inspect the delegated sendOtp template and,
if the delegated variant is intended, update the sendOtpReqTemplate property in
the affected test entries to "ida/OtpAuthDelegatedNeg/sendOtp" and run the tests
to confirm behavior matches other delegated-neg cases; if the non-delegated
template is intentionally required, add a comment near the sendOtpReqTemplate
field explaining why it differs to avoid future confusion.
- Line 1: The root YAML key is wrong: change the top-level key from
OtpAuthDelegatedNegNeg to OtpAuthDelegatedNeg so the suite can discover tests;
also fix the two sendOtpReqTemplate entries in TC_15 and TC_20 that currently
point to "ida/OtpAuth/sendOtp" to instead point to
"ida/OtpAuthDelegatedNeg/sendOtp"; finally correct the uniqueIdentifier in TC_11
from TC_OtpAuthDelegatedNeg_11 to TC_IDA_OtpAuthDelegatedNeg_11 so it matches
the other test IDs.
In `@api-test/src/main/resources/ida/OtpAuthKycExchange/OtpAuthKycExchange.yml`:
- Around line 83-90: The test payload in OtpAuthKycExchange.yml still includes
the optional field "individualIdType": "VID", contradicting the "Missing
optional field" scenario; remove the `"individualIdType": "VID"` line from the
input JSON so the payload omits that key (check references to the token name
OtpAuthDelegated_OTP_Auth_With_Missing_Optional_Field_individualIdType_VID_Sid_kycToken
to ensure no other parts expect the field).
---
Duplicate comments:
In `@api-test/src/main/resources/ida/BioAuthDelegatedNeg/BioAuthDelegatedNeg.yml`:
- Around line 809-810: The endpoint value for
auth_BioAuthDelegatedNeg_with_dummy_partnerkey_uin contains a hidden U+200B
between the placeholder $a2673y3g3grURL$ and the subsequent path segment; open
the value for that key (auth_BioAuthDelegatedNeg_with_dummy_partnerkey_uin) and
remove the invisible U+200B character so the endpoint reads
".../$a2673y3g3grURL$/$ID:CreateOIDCClient_Misp_Valid_Smoke_sid_clientId$" (no
hidden chars), then scan the file for other occurrences of U+200B (or the
alternate placeholder $partialPartnerKeyUrl$) and remove any found to ensure all
partner-key endpoints are clean.
In `@api-test/src/main/resources/ida/OtpAuthKycExchange/OtpAuthKycExchange.yml`:
- Line 3: Check the endPoint entries (the YAML key "endPoint" and specifically
the value
'/idauthentication/v1/kyc-exchange/delegated/$partialPartnerKeyUrl$/$ID:CreateOIDCClient_Misp_Valid_Smoke_sid_clientId$')
for any zero‑width space (U+200B) characters and remove them if present; run a
Unicode-aware search for U+200B across all endPoint values in this resource to
verify there are no hidden characters in the other endpoint entries and commit
the cleaned file.
---
Nitpick comments:
In `@api-test/src/main/resources/ida/BioAuthDelegatedNeg/BioAuthDelegatedNeg.yml`:
- Around line 1-45: Rename the misleading test keys that include the "_Pos" or
"_Smoke_Pos" suffix in this negative test YAML (for example
auth_BioAuthDelegatedNeg_Biometric_Face_With_Infant_uin_Smoke_Pos and
auth_BioAuthDelegatedNeg_Biometric_Face_With_Revoked_VID_Valid_Smoke_Pos) to use
a "_Neg" (or "_Smoke_Neg") suffix so names reflect expected failure; update each
test key string while keeping the rest of the mapping (uniqueIdentifier,
endPoint, input/output templates, and payloads such as the BioAuthDelegated
entry) unchanged so references remain consistent.
In `@api-test/src/main/resources/ida/DemoAuthKycExchange/DemoAuthKycExchange.yml`:
- Around line 194-196: The uniqueIdentifier sequence for DemoAuthKycExchange is
skipping TC_09 and TC_18 (e.g., the entry with endPoint
auth_DemoAuthKycExchange_DemoAuth_same_Name1_Valid_uin_Smoke_Pos currently uses
uniqueIdentifier TC_IDA_DemoAuthKycExchange_10), so either add the missing
exchange test cases with uniqueIdentifier TC_IDA_DemoAuthKycExchange_09 and
TC_IDA_DemoAuthKycExchange_18 (matching their upstream delegated scenarios and
endpoints) or if the gaps are intentional, add a concise inline comment near the
surrounding entries explaining why TC_09 and TC_18 are omitted; locate edits by
searching for uniqueIdentifier values like TC_IDA_DemoAuthKycExchange_08/_10 and
the endPoint name to insert or comment appropriately.
- Around line 23-25: The scenarios in DemoAuthKycExchange.yml have empty output
blocks (output: '{}' ) and rely solely on checkErrorsOnlyInResponse: true;
update each scenario's output to include minimal structural assertions (e.g.,
top-level keys expected in the KYC exchange response such as "status",
"payload", "jwe" or "metadata") so tests validate response shape even when
encrypted—locate the output entries in the YAML and replace '{}' with a small
JSON object listing expected top-level keys (or placeholders) that the test
harness will check, while keeping checkErrorsOnlyInResponse as needed.
- Around line 1-481: Create a YAML anchor (e.g., &defaults) under the
DemoAuthKycExchange mapping that contains the shared fields (endPoint, role,
restMethod, checkErrorsOnlyInResponse, inputTemplate, outputTemplate and the
common parts of the input JSON like requestTime, transactionID,
individualIdType, id, version, consentObtained, locales, respType); then for
each test case key (e.g., auth_DemoAuthKycExchange_DemoAuth_DOB_Valid_Smoke_UIN,
auth_DemoAuthKycExchange_DemoAuth_Email_Valid_Smoke_Pos_VID, etc.) merge the
anchor using <<: *defaults and only override the unique fields
(uniqueIdentifier, description, input individualId and kycToken, and output) so
the repeated boilerplate is removed and maintenance is centralized.
ℹ️ Review info
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (10)
api-test/src/main/resources/ida/BioAuthDelegated/BioAuthDelegated.ymlapi-test/src/main/resources/ida/BioAuthDelegatedNeg/BioAuthDelegatedNeg.ymlapi-test/src/main/resources/ida/BioAuthKycExchange/BioAuthKYCExchange.ymlapi-test/src/main/resources/ida/BioAuthKycExchangeV2/BioAuthKycExchangeV2.ymlapi-test/src/main/resources/ida/DemoAuthDelegated/DemoAuthDelegated.ymlapi-test/src/main/resources/ida/DemoAuthDelegatedNeg/DemoAuthDelegatedNeg.ymlapi-test/src/main/resources/ida/DemoAuthKycExchange/DemoAuthKycExchange.ymlapi-test/src/main/resources/ida/OtpAuthDelegated/OtpAuthDelegated.ymlapi-test/src/main/resources/ida/OtpAuthDelegatedNeg/OtpAuthDelegatedNeg.ymlapi-test/src/main/resources/ida/OtpAuthKycExchange/OtpAuthKycExchange.yml
🚧 Files skipped from review as they are similar to previous changes (2)
- api-test/src/main/resources/ida/DemoAuthDelegated/DemoAuthDelegated.yml
- api-test/src/main/resources/ida/OtpAuthDelegated/OtpAuthDelegated.yml
api-test/src/main/resources/ida/BioAuthDelegatedNeg/BioAuthDelegatedNeg.yml
Outdated
Show resolved
Hide resolved
api-test/src/main/resources/ida/BioAuthKycExchange/BioAuthKYCExchange.yml
Outdated
Show resolved
Hide resolved
api-test/src/main/resources/ida/BioAuthKycExchange/BioAuthKYCExchange.yml
Outdated
Show resolved
Hide resolved
api-test/src/main/resources/ida/BioAuthKycExchange/BioAuthKYCExchange.yml
Outdated
Show resolved
Hide resolved
api-test/src/main/resources/ida/BioAuthKycExchange/BioAuthKYCExchange.yml
Show resolved
Hide resolved
api-test/src/main/resources/ida/OtpAuthDelegatedNeg/OtpAuthDelegatedNeg.yml
Outdated
Show resolved
Hide resolved
api-test/src/main/resources/ida/OtpAuthDelegatedNeg/OtpAuthDelegatedNeg.yml
Outdated
Show resolved
Hide resolved
api-test/src/main/resources/ida/OtpAuthDelegatedNeg/OtpAuthDelegatedNeg.yml
Show resolved
Hide resolved
api-test/src/main/resources/ida/OtpAuthDelegatedNeg/OtpAuthDelegatedNeg.yml
Show resolved
Hide resolved
api-test/src/main/resources/ida/OtpAuthKycExchange/OtpAuthKycExchange.yml
Show resolved
Hide resolved
Signed-off-by: Likhitha R L <likhitha.rl@technoforte.co.in>
There was a problem hiding this comment.
Actionable comments posted: 4
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
api-test/src/main/resources/ida/AddIdentity/AddIdentity.yml (1)
1956-2195:⚠️ Potential issue | 🟡 MinorIncomplete
uniqueIdentifiernaming migration — four old entries still useDelegated_IdRepoword order.The new convention (
TC_DependentModule_IdRepo_Delegated_XX) was applied to entries_01,_03,_04,_05,_07,_10,_11, but the following four entries were not migrated and still useTC_DependentModule_Delegated_IdRepo_XX:
YAML key Current uniqueIdentifier (old pattern) auth_AddIdentity_For_Kyc_Delegated_Bio_Auth_VID_smoke_Pos(1956)TC_DependentModule_Delegated_IdRepo_02auth_AddIdentity_For_Kyc_Delegated_rightIris_Auth_VID_smoke_Pos(2076)TC_DependentModule_Delegated_IdRepo_06auth_AddIdentity_withValidParameters_forDelegated_differentIdType_Pos(2136)TC_DependentModule_Delegated_IdRepo_08auth_AddIdentity_withValidParameters_forDemoDelegated_Pos(2166)TC_DependentModule_Delegated_IdRepo_09If any test-management or reporting tooling matches entries by
uniqueIdentifierprefix, the mixed naming will cause them to sort into different groups. Update these four in-place to complete the migration.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/AddIdentity/AddIdentity.yml` around lines 1956 - 2195, Four entries still use the old uniqueIdentifier pattern "TC_DependentModule_Delegated_IdRepo_XX"; update the uniqueIdentifier for auth_AddIdentity_For_Kyc_Delegated_Bio_Auth_VID_smoke_Pos to TC_DependentModule_IdRepo_Delegated_02, for auth_AddIdentity_For_Kyc_Delegated_rightIris_Auth_VID_smoke_Pos to TC_DependentModule_IdRepo_Delegated_06, for auth_AddIdentity_withValidParameters_forDelegated_differentIdType_Pos to TC_DependentModule_IdRepo_Delegated_08, and for auth_AddIdentity_withValidParameters_forDemoDelegated_Pos to TC_DependentModule_IdRepo_Delegated_09 so all entries consistently use the TC_DependentModule_IdRepo_Delegated_XX naming convention.
♻️ Duplicate comments (2)
api-test/src/main/resources/ida/BioAuthKycExchange/BioAuthKYCExchange.yml (1)
19-21:⚠️ Potential issue | 🟠 MajorQuote object keys in
localesJSON objects.
{localesValue: "eng"}is invalid JSON; keys must be quoted. This appears in every scenario, so update alllocalesentries consistently.🛠️ Proposed fix (apply to all locales entries)
- "locales": [{localesValue: "eng"}], + "locales": [{"localesValue": "eng"}],🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/BioAuthKycExchange/BioAuthKYCExchange.yml` around lines 19 - 21, The locales objects are using unquoted keys (e.g., locales array contains {localesValue: "eng"}) which is invalid JSON; update every occurrence of the locales entries so object keys are quoted (e.g., change localesValue to "localesValue") across all scenarios in the BioAuthKYCExchange YAML so the locales arrays contain valid JSON objects like {"localesValue":"eng"} consistently.api-test/src/main/resources/ida/BioAuthDelegatedNeg/BioAuthDelegatedNeg.yml (1)
809-811:⚠️ Potential issue | 🟠 MajorRemove the hidden U+200B after the dummy partner key token.
There’s a zero‑width space right after
$a2673y3g3grURL$, which makes the endpoint token mismatched at runtime.✅ Proposed fix
- endPoint: /idauthentication/v1/kyc-auth/delegated/$a2673y3g3grURL$/$ID:CreateOIDCClient_Misp_Valid_Smoke_sid_clientId$ + endPoint: /idauthentication/v1/kyc-auth/delegated/$a2673y3g3grURL$/$ID:CreateOIDCClient_Misp_Valid_Smoke_sid_clientId$🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/BioAuthDelegatedNeg/BioAuthDelegatedNeg.yml` around lines 809 - 811, The endpoint string for auth_BioAuthDelegatedNeg_with_dummy_partnerkey_uin contains a hidden U+200B (zero‑width space) immediately after the token $a2673y3g3grURL$ which breaks token matching at runtime; edit the endPoint value (the string with $a2673y3g3grURL$/$ID:CreateOIDCClient_Misp_Valid_Smoke_sid_clientId$) and remove the invisible U+200B character so the token is contiguous (no extra invisible whitespace) and the placeholder resolves correctly.
🧹 Nitpick comments (2)
api-test/src/main/resources/ida/OtpAuthKycExchange/OtpAuthKycExchange.yml (1)
23-25: All output blocks are empty — no positive assertions on KYC response fields.Every test case pairs
checkErrorsOnlyInResponse: truewith an emptyoutput: '{}'. This means the tests only verify that no error code is returned, but never assert that the KYC exchange actually yielded the consented fields (e.g.,gender,birthdatefromconsentObtained). A corrupted or empty KYC payload would still pass these tests.Consider adding at minimum a structural assertion (e.g., presence of
identityorkycStatusin the response) to the output template or output block for the positive test cases (TC_01, TC_02, TC_03, TC_04, TC_05, TC_06).Also applies to: 47-49, 71-73, 95-97, 119-121, 143-145
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/OtpAuthKycExchange/OtpAuthKycExchange.yml` around lines 23 - 25, The positive test cases (TC_01..TC_06) currently have empty output blocks paired with checkErrorsOnlyInResponse: true, so they only verify no error and not that KYC data exists; update each test's output template (the output: '{}' blocks) to assert key structural fields are present—e.g., require response.identity or response.kycStatus and that consentObtained contains expected fields like gender and birthdate (or at least their presence), so the tests validate the KYC exchange payload rather than only error absence.api-test/src/main/resources/ida/AddIdentity/AddIdentity.yml (1)
2196-2315: New_smoke_Posentries are payload-identical to existing_Possiblings — clarify intent or consolidate.All four new entries carry the same
dateOfBirth, and all other payload fields as their corresponding existing counterparts:
New entry (lines) Identical to existing entry auth_AddIdentity_For_Kyc_Delegated_leftIris_Auth_UIN_smoke_Pos(2196)auth_AddIdentity_For_Kyc_Delegated_leftIris_Auth_UIN_Pos(1986)auth_AddIdentity_For_Kyc_Delegated_leftIris_Auth_VID_smoke_Pos(2226)auth_AddIdentity_For_Kyc_Delegated_leftIris_Auth_VID_Pos(2016)auth_AddIdentity_For_Kyc_Delegated_rightIris_Auth_UIN_smoke_Pos(2256)auth_AddIdentity_For_Kyc_Delegated_rightIris_Auth_UIN_Pos(2046)auth_AddIdentity_withValidParameters_forDelegated_Infant_smoke_Pos(2286)auth_AddIdentity_withValidParameters_forDelegated_Infant_Pos(2106)If the
_smoke_Posvariants are meant to be referenced by a smoke test suite (e.g.,authSuite.xml) while the_Posvariants serve a full regression suite, they should at minimum carry distinct emails so each creates its own isolated identity. If the differentiation is purely in theuniqueIdentifiernaming convention, the cleanest fix is to update theuniqueIdentifierof the existing_Posentries in-place rather than adding duplicate fixtures.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/AddIdentity/AddIdentity.yml` around lines 2196 - 2315, The four new fixtures (auth_AddIdentity_For_Kyc_Delegated_leftIris_Auth_UIN_smoke_Pos, auth_AddIdentity_For_Kyc_Delegated_leftIris_Auth_VID_smoke_Pos, auth_AddIdentity_For_Kyc_Delegated_rightIris_Auth_UIN_smoke_Pos, auth_AddIdentity_withValidParameters_forDelegated_Infant_smoke_Pos) are payload-identical to their existing siblings (auth_AddIdentity_For_Kyc_Delegated_leftIris_Auth_UIN_Pos, auth_AddIdentity_For_Kyc_Delegated_leftIris_Auth_VID_Pos, auth_AddIdentity_For_Kyc_Delegated_rightIris_Auth_UIN_Pos, auth_AddIdentity_withValidParameters_forDelegated_Infant_Pos); either remove the duplicate entries and update the existing uniqueIdentifier to the intended smoke test name, or keep both but make the smoke variants produce isolated identities by giving each smoke fixture a distinct email (and any other unique field such as registrationId/UIN if needed) so tests don’t collide; update the entries named above accordingly.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@api-test/src/main/resources/ida/AddIdentity/AddIdentity.yml`:
- Around line 2346-2375: The test
auth_AddIdentity_withValidParameters_forLockedUIN_DemoDelegated_Pos reuses the
OTP-delegate email value causing UIN/email collision; update the "email" field
in that test's input (the "email" key inside the JSON for
auth_AddIdentity_withValidParameters_forLockedUIN_DemoDelegated_Pos) to a unique
address (e.g., change the local-part to reflect LockedUIN/DemoDelegated or
parameterize it) so it does not match
auth_AddIdentity_withValidParameters_forOtpDelegated_Pos.
In `@api-test/src/main/resources/ida/BioAuthDelegatedNeg/BioAuthDelegatedNeg.yml`:
- Around line 1114-1116: The test YAML (BioAuthDelegatedNeg.yml) mixes
non-delegated and delegated identity templates causing failures; replace every
occurrence of the non-delegated template name
"ida/BioAuth/BioAuthIdentityEncrypt2" in BioAuthDelegatedNeg.yml with the
delegated template "ida/BioAuthDelegatedNeg/BioAuthIdentityEncrypt" so all
ENV-negative test cases use the delegated identityRequestTemplate expected by
the delegated endpoint (ensure you update the entries that currently reference
"ida/BioAuth/BioAuthIdentityEncrypt2" to the delegated variant).
- Around line 18-38: The keys identityRequestTemplate and identityRequestEncUrl
(and the duplicate transactionId) are incorrectly placed inside the
identityRequest object; close the identityRequest object after the "type" field
in the existing YAML/JSON block, remove the duplicate "transactionId" from
inside identityRequest, and move identityRequestTemplate and
identityRequestEncUrl to the root level alongside the existing top-level
transactionId/bio/demo fields so they are siblings of identityRequest rather
than children; locate the identityRequest block in the BioAuthDelegatedNeg
fixture and perform this reorganization.
In `@api-test/src/main/resources/ida/OtpAuthKycExchange/OtpAuthKycExchange.yml`:
- Line 29: Update the incorrect copied description for test case
TC_IDA_OtpAuthKycExchange_02: replace "Demo auth kyc exchange using valid dob
with valid perpetual VID" with a concise description that reflects the OTP-based
auth KYC exchange scenario (e.g., mention OTP authentication, KYC exchange, and
the expected valid perpetual VID) so the description accurately documents the
test intent in OtpAuthKycExchange.yml.
---
Outside diff comments:
In `@api-test/src/main/resources/ida/AddIdentity/AddIdentity.yml`:
- Around line 1956-2195: Four entries still use the old uniqueIdentifier pattern
"TC_DependentModule_Delegated_IdRepo_XX"; update the uniqueIdentifier for
auth_AddIdentity_For_Kyc_Delegated_Bio_Auth_VID_smoke_Pos to
TC_DependentModule_IdRepo_Delegated_02, for
auth_AddIdentity_For_Kyc_Delegated_rightIris_Auth_VID_smoke_Pos to
TC_DependentModule_IdRepo_Delegated_06, for
auth_AddIdentity_withValidParameters_forDelegated_differentIdType_Pos to
TC_DependentModule_IdRepo_Delegated_08, and for
auth_AddIdentity_withValidParameters_forDemoDelegated_Pos to
TC_DependentModule_IdRepo_Delegated_09 so all entries consistently use the
TC_DependentModule_IdRepo_Delegated_XX naming convention.
---
Duplicate comments:
In `@api-test/src/main/resources/ida/BioAuthDelegatedNeg/BioAuthDelegatedNeg.yml`:
- Around line 809-811: The endpoint string for
auth_BioAuthDelegatedNeg_with_dummy_partnerkey_uin contains a hidden U+200B
(zero‑width space) immediately after the token $a2673y3g3grURL$ which breaks
token matching at runtime; edit the endPoint value (the string with
$a2673y3g3grURL$/$ID:CreateOIDCClient_Misp_Valid_Smoke_sid_clientId$) and
remove the invisible U+200B character so the token is contiguous (no extra
invisible whitespace) and the placeholder resolves correctly.
In `@api-test/src/main/resources/ida/BioAuthKycExchange/BioAuthKYCExchange.yml`:
- Around line 19-21: The locales objects are using unquoted keys (e.g., locales
array contains {localesValue: "eng"}) which is invalid JSON; update every
occurrence of the locales entries so object keys are quoted (e.g., change
localesValue to "localesValue") across all scenarios in the BioAuthKYCExchange
YAML so the locales arrays contain valid JSON objects like
{"localesValue":"eng"} consistently.
---
Nitpick comments:
In `@api-test/src/main/resources/ida/AddIdentity/AddIdentity.yml`:
- Around line 2196-2315: The four new fixtures
(auth_AddIdentity_For_Kyc_Delegated_leftIris_Auth_UIN_smoke_Pos,
auth_AddIdentity_For_Kyc_Delegated_leftIris_Auth_VID_smoke_Pos,
auth_AddIdentity_For_Kyc_Delegated_rightIris_Auth_UIN_smoke_Pos,
auth_AddIdentity_withValidParameters_forDelegated_Infant_smoke_Pos) are
payload-identical to their existing siblings
(auth_AddIdentity_For_Kyc_Delegated_leftIris_Auth_UIN_Pos,
auth_AddIdentity_For_Kyc_Delegated_leftIris_Auth_VID_Pos,
auth_AddIdentity_For_Kyc_Delegated_rightIris_Auth_UIN_Pos,
auth_AddIdentity_withValidParameters_forDelegated_Infant_Pos); either remove the
duplicate entries and update the existing uniqueIdentifier to the intended smoke
test name, or keep both but make the smoke variants produce isolated identities
by giving each smoke fixture a distinct email (and any other unique field such
as registrationId/UIN if needed) so tests don’t collide; update the entries
named above accordingly.
In `@api-test/src/main/resources/ida/OtpAuthKycExchange/OtpAuthKycExchange.yml`:
- Around line 23-25: The positive test cases (TC_01..TC_06) currently have empty
output blocks paired with checkErrorsOnlyInResponse: true, so they only verify
no error and not that KYC data exists; update each test's output template (the
output: '{}' blocks) to assert key structural fields are present—e.g., require
response.identity or response.kycStatus and that consentObtained contains
expected fields like gender and birthdate (or at least their presence), so the
tests validate the KYC exchange payload rather than only error absence.
ℹ️ Review info
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (6)
api-test/src/main/resources/ida/AddIdentity/AddIdentity.ymlapi-test/src/main/resources/ida/BioAuthDelegatedNeg/BioAuthDelegatedNeg.ymlapi-test/src/main/resources/ida/BioAuthKycExchange/BioAuthKYCExchange.ymlapi-test/src/main/resources/ida/OtpAuthDelegated/OtpAuthDelegated.ymlapi-test/src/main/resources/ida/OtpAuthDelegatedNeg/OtpAuthDelegatedNeg.ymlapi-test/src/main/resources/ida/OtpAuthKycExchange/OtpAuthKycExchange.yml
🚧 Files skipped from review as they are similar to previous changes (2)
- api-test/src/main/resources/ida/OtpAuthDelegatedNeg/OtpAuthDelegatedNeg.yml
- api-test/src/main/resources/ida/OtpAuthDelegated/OtpAuthDelegated.yml
api-test/src/main/resources/ida/BioAuthDelegatedNeg/BioAuthDelegatedNeg.yml
Show resolved
Hide resolved
api-test/src/main/resources/ida/BioAuthDelegatedNeg/BioAuthDelegatedNeg.yml
Show resolved
Hide resolved
api-test/src/main/resources/ida/OtpAuthKycExchange/OtpAuthKycExchange.yml
Outdated
Show resolved
Hide resolved
Signed-off-by: Likhitha R L <likhitha.rl@technoforte.co.in>
There was a problem hiding this comment.
Actionable comments posted: 6
♻️ Duplicate comments (5)
api-test/src/main/resources/ida/BioAuthDelegatedNeg/BioAuthDelegatedNeg.yml (3)
34-37:⚠️ Potential issue | 🟠 MajorUnresolved:
identityRequestTemplate/identityRequestEncUrlstill nested insideidentityRequest; template paths use non-delegated directory across all 29 test cases.Three structural problems repeat in every test case:
identityRequestTemplateandidentityRequestEncUrlare children ofidentityRequestrather than root-level fields of the input JSON.transactionIdis duplicated — it appears at the top level and insideidentityRequest.- TC01–24 reference
ida/BioAuth/BioAuthIdentityEncryptand TC25–29 referenceida/BioAuth/BioAuthIdentityEncrypt2— all entries in this delegated-negative test file should useida/BioAuthDelegatedNeg/BioAuthIdentityEncrypt.The previous review flagged items 1 & 2 at lines 18–38 but they remain unresolved in the current code. Item 3 is a regression for TC01–24 (the prior version of the file had them correctly pointing at the
BioAuthDelegatedNegpath).🐛 Proposed fix (apply same pattern to all 29 test cases)
- "type": "Face", - "transactionId": "$TRANSACTIONID$", - "identityRequestTemplate": "ida/BioAuth/BioAuthIdentityEncrypt", - "identityRequestEncUrl": "/idauthentication/v1/internal/encrypt" - } + "type": "Face" + }, + "identityRequestTemplate": "ida/BioAuthDelegatedNeg/BioAuthIdentityEncrypt", + "identityRequestEncUrl": "/idauthentication/v1/internal/encrypt"🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/BioAuthDelegatedNeg/BioAuthDelegatedNeg.yml` around lines 34 - 37, The identity request fields are incorrectly structured and point to the wrong template: move identityRequestTemplate and identityRequestEncUrl out of the nested identityRequest object to be root-level siblings alongside transactionId, remove the duplicated transactionId inside the identityRequest object, and update the template path for all test cases in this delegated-negative file (TC01–TC29) to "ida/BioAuthDelegatedNeg/BioAuthIdentityEncrypt" (replace any "ida/BioAuth/BioAuthIdentityEncrypt" or "BioAuthIdentityEncrypt2"); locate and edit the entries that reference the identityRequest object and the duplicated transactionId to apply these three fixes consistently across all 29 test cases.
1114-1116:⚠️ Potential issue | 🟠 MajorTC25–29 still reference
ida/BioAuth/BioAuthIdentityEncrypt2— claimed fixed but unresolved.Lines 1115, 1163, 1211, 1259, and 1306 still use
"identityRequestTemplate": "ida/BioAuth/BioAuthIdentityEncrypt2". This was confirmed as addressed in a previous commit but the current code retains the old, non-delegated path. These five ENV-scenario tests need the same fix as the remaining cases (→ida/BioAuthDelegatedNeg/BioAuthIdentityEncrypt).🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/BioAuthDelegatedNeg/BioAuthDelegatedNeg.yml` around lines 1114 - 1116, Update the five ENV-scenario tests that still set "identityRequestTemplate" to "ida/BioAuth/BioAuthIdentityEncrypt2": change each value to "ida/BioAuthDelegatedNeg/BioAuthIdentityEncrypt" so TC25–29 use the delegated template; locate the occurrences by searching for the string "ida/BioAuth/BioAuthIdentityEncrypt2" in the BioAuthDelegatedNeg YAML and replace them with "ida/BioAuthDelegatedNeg/BioAuthIdentityEncrypt".
810-810:⚠️ Potential issue | 🟠 MajorU+200B (zero-width space) in TC19 dummy-partner-key endpoint URL.
Line 810:
/idauthentication/v1/kyc-auth/delegated/$a2673y3g3grURL$/$ID:CreateOIDCClient_Misp_Valid_Smoke_sid_clientId$contains an invisible U+200B character immediately after the$a2673y3g3grURL$token. This produces a malformed URL at runtime, routing the request to an unexpected path rather than exercising the intended IDA-MLC-007 / IDA-MPA-001 logic.The same class of invisible-character bug was previously fixed for
$partialPartnerKeyUrl$URLs; this instance with the$a2673y3g3grURL$token was missed.🐛 Proposed fix
- endPoint: /idauthentication/v1/kyc-auth/delegated/$a2673y3g3grURL$/$ID:CreateOIDCClient_Misp_Valid_Smoke_sid_clientId$ + endPoint: /idauthentication/v1/kyc-auth/delegated/$a2673y3g3grURL$/$ID:CreateOIDCClient_Misp_Valid_Smoke_sid_clientId$(Delete the U+200B between
$a2673y3g3grURL$and/)🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/BioAuthDelegatedNeg/BioAuthDelegatedNeg.yml` at line 810, The endPoint string contains an invisible U+200B after the token "$a2673y3g3grURL$" causing a malformed URL; remove the zero-width space character immediately after "$a2673y3g3grURL$" so the path reads "/idauthentication/v1/kyc-auth/delegated/$a2673y3g3grURL$/$ID:CreateOIDCClient_Misp_Valid_Smoke_sid_clientId$" exactly, and scan other similar tokens (e.g., $partialPartnerKeyUrl$ style entries) for stray U+200B characters to delete as well.api-test/src/main/resources/ida/BioAuthDelegated/BioAuthDelegated.yml (1)
2-4: Confirm that the previously reported zero-width character (U+200B) fix persists in the current file.The prior review cycle identified hidden U+200B characters inside the
$partialPartnerKeyUrl$/$ID:…endpoint strings. These were reportedly fixed in commits fd07780–1d4e646, but since this is a re-opened/re-added file, verify the fix is still present.#!/bin/bash # Verify no zero-width characters remain in BioAuthDelegated.yml fd "BioAuthDelegated.yml" --full-path | head -5 | xargs -I{} python3 - <<'PY' {} import sys, pathlib, re p = pathlib.Path(sys.argv[1]) pattern = re.compile(r'[\u200b\u200c\u200d\uFEFF]') text = p.read_text(encoding="utf-8") found = [(i+1, repr(l)) for i, l in enumerate(text.splitlines()) if pattern.search(l)] if found: for ln, line in found: print(f"Line {ln}: {line}") else: print("Clean: no zero-width characters found.") PY🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/BioAuthDelegated/BioAuthDelegated.yml` around lines 2 - 4, The endPoint string for auth_BioAuthDelegated_Biometric_Face_With_Valid_uin_Smoke_Pos_Sid may still contain hidden zero‑width characters (U+200B, U+200C, U+200D, U+FEFF) inside the "$partialPartnerKeyUrl$/$ID:CreateOIDCClient_Misp_Valid_Smoke_sid_clientId$" token; open BioAuthDelegated.yml, inspect and remove any zero‑width characters from that endPoint value (and other strings), ensure file is saved as UTF‑8 without BOM, and verify by running the provided detection script or searching for the Unicode codepoints to confirm the file is clean.api-test/src/main/resources/ida/AddIdentity/AddIdentity.yml (1)
1205-1834:⚠️ Potential issue | 🔴 CriticalPre-existing unresolved duplicate YAML key —
auth_AddIdentity_ValidParameters_auditLog_smoke_Pos.The key appears twice in the file (lines 1205 and 1805, uniqueIdentifiers
TC_IDA_dependentTC_AuthTransaction_39andTC_IDA_dependentTC_AuthTransaction_59respectively). In YAML, the second mapping silently shadows the first, so the_39definition is effectively dead. This was flagged in the previous review cycle and remains unaddressed.#!/bin/bash # Confirm the duplicate key and show its two occurrences with surrounding context. grep -n "auth_AddIdentity_ValidParameters_auditLog_smoke_Pos" \ api-test/src/main/resources/ida/AddIdentity/AddIdentity.yml🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/AddIdentity/AddIdentity.yml` around lines 1205 - 1834, There are two YAML mappings with the duplicate key auth_AddIdentity_ValidParameters_auditLog_smoke_Pos (uniqueIdentifier TC_IDA_dependentTC_AuthTransaction_39 and TC_IDA_dependentTC_AuthTransaction_59); remove or rename one so keys are unique (e.g., keep the intended test and rename the other to a distinct key) and, if renaming, update its uniqueIdentifier to a new unused value and any references that expect the old key; locate the entries by the mapping key auth_AddIdentity_ValidParameters_auditLog_smoke_Pos and the uniqueIdentifier symbols to decide which block to keep or rename.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@api-test/src/main/resources/ida/AddIdentity/AddIdentity.yml`:
- Line 1928: The change renames TC_DependentModule_Delegated_IdRepo_01 →
TC_DependentModule_IdRepo_Delegated_01 but leaves
TC_DependentModule_Delegated_IdRepo_02 through
TC_DependentModule_Delegated_IdRepo_09 using the old format, causing mixed
conventions; either (A) update the remaining eight entries to the new naming
(rename each uniqueIdentifier TC_DependentModule_Delegated_IdRepo_02..09 →
TC_DependentModule_IdRepo_Delegated_02..09 to match
TC_DependentModule_IdRepo_Delegated_01), or (B) revert
TC_DependentModule_IdRepo_Delegated_01 back to
TC_DependentModule_Delegated_IdRepo_01 so all entries in this batch use the
original convention—pick one approach and apply it consistently across the
group.
- Around line 2196-2315: Several new smoke tests reuse emails already claimed by
existing entries causing UIN-binding collisions; update the "email" values to
unique addresses for each smoke entry so they don't conflict. For the YAML keys
auth_AddIdentity_For_Kyc_Delegated_leftIris_Auth_UIN_smoke_Pos,
auth_AddIdentity_For_Kyc_Delegated_leftIris_Auth_VID_smoke_Pos,
auth_AddIdentity_For_Kyc_Delegated_rightIris_Auth_UIN_smoke_Pos, and
auth_AddIdentity_withValidParameters_forDelegated_Infant_smoke_Pos, replace the
duplicated local-part (e.g., ...Bio_Auth_iris_smoke_Pos,
...Bio_Auth_leftIris_smoke_Pos, ...Bio_Auth_Rightiris_smoke_Pos,
...delegated_smoke_Pos) with unique email local-parts (follow the existing
pattern used by forOtpDelegated_Pos and forLockedUIN_DemoDelegated_Pos) so each
test has a distinct email and cannot bind to the same UIN as another test.
In `@api-test/src/main/resources/ida/BioAuthDelegated/BioAuthDelegated.yml`:
- Around line 882-885: Update the description for the test case
auth_BioAuthDelegated_Biometric_differentIdTypeForKycExchange_Sid
(uniqueIdentifier TC_IDA_BioAuthDelegated_23) so it clearly describes that the
test validates KYC delegated authentication when the identity was created with a
different idType used for KYC exchange; replace the generic "KYC delegated auth
with valid UIN" text with a specific phrase like "KYC delegated auth where
identity was added with a different idType for KYC exchange" to match the test
name and setup.
- Around line 98-117: The deviceSubType field inside each identityRequest is
incorrectly set to "Full face" for non-Face biometrics; locate each
identityRequest block where bioType is "Iris" or a Finger type (TC_03–TC_25) and
replace deviceSubType with the correct subtype: for Iris entries set
deviceSubType to "Single" (or "Double" if the test is both irises) and for
Finger entries set deviceSubType to "Single" or "Slap" as appropriate; ensure
you update every occurrence of identityRequest.deviceSubType that pairs with
bioType != "Face" so server validation will pass.
- Around line 922-1001: The two test entries
auth_BioAuthDelegated_Biometric_forkYCexchangeWithRandomUIN_Pos_Sid
(TC_IDA_BioAuthDelegated_24) and
auth_BioAuthDelegated_Biometric_forkYCexchangeWithRandomVID_Pos_Sid
(TC_IDA_BioAuthDelegated_25) claim to use "Random" identities but reference
shared keys ($ID:AddIdentity_For_Kyc_Delegated_Bio_Auth_smoke_Pos_UIN$ and
$ID:GenerateVID_for_kycDelegated_bio_sid_vid$) causing cross-test interference;
fix by either renaming the tests to remove "Random" from the names (and
description) to reflect shared setup, or create dedicated unique setup keys and
update the input fields to use them (e.g., replace the $ID:..._smoke_Pos_UIN$
reference in auth_BioAuthDelegated_Biometric_forkYCexchangeWithRandomUIN_Pos_Sid
with a new unique key like
$ID:AddIdentity_For_Kyc_Delegated_Bio_Auth_randomUIN_Pos_UIN$ and similarly
replace $ID:GenerateVID_for_kycDelegated_bio_sid_vid$ in
auth_BioAuthDelegated_Biometric_forkYCexchangeWithRandomVID_Pos_Sid with
$ID:GenerateVID_for_kycDelegated_bio_random_sid_vid$), and ensure any new keys
are only used by these tests to guarantee isolation.
In `@api-test/src/main/resources/ida/OtpAuthKycExchange/OtpAuthKycExchange.yml`:
- Around line 19-20: The YAML has consentObtained and locales defined as arrays
of objects but KycExchangeRequestDTO expects List<String>; update every
occurrence of the consentObtained and locales fields (e.g., the entries shown
around the diffs) to be simple string arrays (e.g., consentObtained:
["gender","birthdate"] and locales: ["eng"]) instead of [{consentObtainedValue:
"gender"}, ...]; if you must keep object form for other uses, ensure keys are
properly quoted and map to the DTO fields, but preferred fix is converting those
fields to plain string arrays across all occurrences referenced in the comment.
---
Duplicate comments:
In `@api-test/src/main/resources/ida/AddIdentity/AddIdentity.yml`:
- Around line 1205-1834: There are two YAML mappings with the duplicate key
auth_AddIdentity_ValidParameters_auditLog_smoke_Pos (uniqueIdentifier
TC_IDA_dependentTC_AuthTransaction_39 and
TC_IDA_dependentTC_AuthTransaction_59); remove or rename one so keys are unique
(e.g., keep the intended test and rename the other to a distinct key) and, if
renaming, update its uniqueIdentifier to a new unused value and any references
that expect the old key; locate the entries by the mapping key
auth_AddIdentity_ValidParameters_auditLog_smoke_Pos and the uniqueIdentifier
symbols to decide which block to keep or rename.
In `@api-test/src/main/resources/ida/BioAuthDelegated/BioAuthDelegated.yml`:
- Around line 2-4: The endPoint string for
auth_BioAuthDelegated_Biometric_Face_With_Valid_uin_Smoke_Pos_Sid may still
contain hidden zero‑width characters (U+200B, U+200C, U+200D, U+FEFF) inside the
"$partialPartnerKeyUrl$/$ID:CreateOIDCClient_Misp_Valid_Smoke_sid_clientId$"
token; open BioAuthDelegated.yml, inspect and remove any zero‑width characters
from that endPoint value (and other strings), ensure file is saved as UTF‑8
without BOM, and verify by running the provided detection script or searching
for the Unicode codepoints to confirm the file is clean.
In `@api-test/src/main/resources/ida/BioAuthDelegatedNeg/BioAuthDelegatedNeg.yml`:
- Around line 34-37: The identity request fields are incorrectly structured and
point to the wrong template: move identityRequestTemplate and
identityRequestEncUrl out of the nested identityRequest object to be root-level
siblings alongside transactionId, remove the duplicated transactionId inside the
identityRequest object, and update the template path for all test cases in this
delegated-negative file (TC01–TC29) to
"ida/BioAuthDelegatedNeg/BioAuthIdentityEncrypt" (replace any
"ida/BioAuth/BioAuthIdentityEncrypt" or "BioAuthIdentityEncrypt2"); locate and
edit the entries that reference the identityRequest object and the duplicated
transactionId to apply these three fixes consistently across all 29 test cases.
- Around line 1114-1116: Update the five ENV-scenario tests that still set
"identityRequestTemplate" to "ida/BioAuth/BioAuthIdentityEncrypt2": change each
value to "ida/BioAuthDelegatedNeg/BioAuthIdentityEncrypt" so TC25–29 use the
delegated template; locate the occurrences by searching for the string
"ida/BioAuth/BioAuthIdentityEncrypt2" in the BioAuthDelegatedNeg YAML and
replace them with "ida/BioAuthDelegatedNeg/BioAuthIdentityEncrypt".
- Line 810: The endPoint string contains an invisible U+200B after the token
"$a2673y3g3grURL$" causing a malformed URL; remove the zero-width space
character immediately after "$a2673y3g3grURL$" so the path reads
"/idauthentication/v1/kyc-auth/delegated/$a2673y3g3grURL$/$ID:CreateOIDCClient_Misp_Valid_Smoke_sid_clientId$"
exactly, and scan other similar tokens (e.g., $partialPartnerKeyUrl$ style
entries) for stray U+200B characters to delete as well.
ℹ️ Review info
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (4)
api-test/src/main/resources/ida/AddIdentity/AddIdentity.ymlapi-test/src/main/resources/ida/BioAuthDelegated/BioAuthDelegated.ymlapi-test/src/main/resources/ida/BioAuthDelegatedNeg/BioAuthDelegatedNeg.ymlapi-test/src/main/resources/ida/OtpAuthKycExchange/OtpAuthKycExchange.yml
api-test/src/main/resources/ida/BioAuthDelegated/BioAuthDelegated.yml
Outdated
Show resolved
Hide resolved
api-test/src/main/resources/ida/OtpAuthKycExchange/OtpAuthKycExchange.yml
Outdated
Show resolved
Hide resolved
Signed-off-by: Likhitha R L <likhitha.rl@technoforte.co.in>
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@api-test/src/main/resources/config/Ida.properties`:
- Around line 23-44: Remove all hardcoded secrets in Ida.properties (e.g.
keycloak_Password, postgres-password, audit_password, partner_password and all
mosip_* client secret keys such as mosip_pms_client_secret,
mosip_resident_client_secret, mosip_idrepo_client_secret,
mosip_reg_client_secret, mosip_admin_client_secret, mosip_hotlist_client_secret,
mosip_regproc_client_secret, mpartner_default_mobile_secret,
mosip_testrig_client_secret, AuthClientSecret), replacing each value with an
environment/secret-store placeholder (or leave empty) and update any code that
reads these properties to resolve from process environment or your secret
manager at runtime; ensure no plaintext defaults remain, add clear names for
required env vars and fail-fast/log a clear error if a required secret is
missing during startup.
ℹ️ Review info
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (4)
api-test/src/main/resources/config/Ida.propertiesapi-test/src/main/resources/ida/BioAuthDelegated/BioAuthDelegated.ymlapi-test/src/main/resources/ida/BioAuthDelegated/BioAuthDelegatedResult.hbsapi-test/src/main/resources/ida/BioAuthDelegatedNeg/BioAuthDelegatedResult.hbs
✅ Files skipped from review due to trivial changes (1)
- api-test/src/main/resources/ida/BioAuthDelegatedNeg/BioAuthDelegatedResult.hbs
🚧 Files skipped from review as they are similar to previous changes (1)
- api-test/src/main/resources/ida/BioAuthDelegated/BioAuthDelegated.yml
added 5 commits
February 26, 2026 10:23
Signed-off-by: Likhitha R L <likhitha.rl@technoforte.co.in>
Signed-off-by: Likhitha R L <likhitha.rl@technoforte.co.in>
Signed-off-by: Likhitha R L <likhitha.rl@technoforte.co.in>
Signed-off-by: Likhitha R L <likhitha.rl@technoforte.co.in>
There was a problem hiding this comment.
Actionable comments posted: 1
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
api-test/src/main/resources/ida/GenerateVID/createGenerateVID.yml (1)
478-504:⚠️ Potential issue | 🔴 CriticalUse rightIris identity data in the rightIris test case.
The test case
auth_GenerateVID_for_kycDelegated_bio_rightIris_sidis documented as testing "right iris biometric data", but it references leftIris identity data:
- Line 489:
AddIdentity_For_Kyc_Delegated_leftIris_Auth_VID_smoke_Pos_UIN- Line 495:
AddIdentity_For_Kyc_Delegated_leftIris_Auth_VID_smoke_Pos_EMAIL- Line 499:
AddIdentity_For_Kyc_Delegated_leftIris_Auth_VID_smoke_Pos_UINThe rightIris identity
AddIdentity_For_Kyc_Delegated_rightIris_Auth_VID_smoke_Posexists in AddIdentity.yml and should be referenced instead to match the test's stated purpose.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/GenerateVID/createGenerateVID.yml` around lines 478 - 504, The test auth_GenerateVID_for_kycDelegated_bio_rightIris_sid is intended to use rightIris identity data but currently references leftIris placeholders; update the three placeholders "AddIdentity_For_Kyc_Delegated_leftIris_Auth_VID_smoke_Pos_UIN" and "AddIdentity_For_Kyc_Delegated_leftIris_Auth_VID_smoke_Pos_EMAIL" (appearing in individualId, otp, and sendOtp.individualId) to the corresponding rightIris identity names "AddIdentity_For_Kyc_Delegated_rightIris_Auth_VID_smoke_Pos_UIN" and "AddIdentity_For_Kyc_Delegated_rightIris_Auth_VID_smoke_Pos_EMAIL" so the inputTemplate for auth_GenerateVID_for_kycDelegated_bio_rightIris_sid aligns with the test description.
♻️ Duplicate comments (2)
api-test/src/main/resources/ida/BioAuthKycExchange/BioAuthKYCExchange.yml (1)
20-20:⚠️ Potential issue | 🟠 MajorUnquoted JSON key
localesValuewill cause parsing errors.Same issue as in
OtpAuthKycExchange.yml— thelocalesValuekey is unquoted across all 27 test cases in this file, making the JSON invalid.🐛 Proposed fix (apply to all occurrences)
- "locales": [{localesValue: "eng"}], + "locales": [{"localesValue": "eng"}],🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/BioAuthKycExchange/BioAuthKYCExchange.yml` at line 20, The YAML contains invalid JSON because the key localesValue is unquoted; update every occurrence (all ~27 test cases) so the locales array entries use a quoted key ("localesValue") instead of localesValue, preserving the existing string value ("eng") and surrounding punctuation so the JSON becomes valid; search for the token localesValue in this file and replace each instance with the quoted form.api-test/src/main/resources/ida/OtpAuthKycExchange/OtpAuthKycExchange.yml (1)
20-20:⚠️ Potential issue | 🟠 MajorUnquoted JSON key
localesValuewill cause parsing errors.The
localesValuekey is not quoted, making this invalid JSON. WhileconsentObtainedValuewas fixed in a previous commit,localesValuestill needs quoting. This occurs on lines 20, 44, 68, 92, 116, and 140.🐛 Proposed fix (apply to all occurrences)
- "locales": [{localesValue: "eng"}], + "locales": [{"localesValue": "eng"}],🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/OtpAuthKycExchange/OtpAuthKycExchange.yml` at line 20, The YAML contains unquoted JSON-style keys inside the locales arrays (e.g., locales: [{localesValue: "eng"}]) which breaks parsing; update every occurrence of the unquoted localesValue key (and any similar unquoted keys like consentObtainedValue) so the key is a quoted string (e.g., "localesValue": "eng") in each locales array entry — ensure you change all occurrences reported (the entries at the locales arrays) so the file is valid JSON/YAML.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@api-test/src/main/resources/ida/AddIdentity/AddIdentity.yml`:
- Around line 1928-1934: Resolve the Git merge conflict markers in the
auth_AddIdentity_For_Kyc_Delegated_Bio_Auth_Smoke_Pos YAML entry by removing the
lines starting with <<<<<<<, =======, and >>>>>>> and choose a single pair of
values for uniqueIdentifier and description (e.g., keep the newer naming
convention: uniqueIdentifier TC_DependentModule_Delegated_IdRepo_01 and the
longer description "Validate that an identity is successfully created using
delegated biometric authentication for KYC"); ensure the final YAML contains
only one uniqueIdentifier and one description field and is valid YAML.
---
Outside diff comments:
In `@api-test/src/main/resources/ida/GenerateVID/createGenerateVID.yml`:
- Around line 478-504: The test
auth_GenerateVID_for_kycDelegated_bio_rightIris_sid is intended to use rightIris
identity data but currently references leftIris placeholders; update the three
placeholders "AddIdentity_For_Kyc_Delegated_leftIris_Auth_VID_smoke_Pos_UIN" and
"AddIdentity_For_Kyc_Delegated_leftIris_Auth_VID_smoke_Pos_EMAIL" (appearing in
individualId, otp, and sendOtp.individualId) to the corresponding rightIris
identity names "AddIdentity_For_Kyc_Delegated_rightIris_Auth_VID_smoke_Pos_UIN"
and "AddIdentity_For_Kyc_Delegated_rightIris_Auth_VID_smoke_Pos_EMAIL" so the
inputTemplate for auth_GenerateVID_for_kycDelegated_bio_rightIris_sid aligns
with the test description.
---
Duplicate comments:
In `@api-test/src/main/resources/ida/BioAuthKycExchange/BioAuthKYCExchange.yml`:
- Line 20: The YAML contains invalid JSON because the key localesValue is
unquoted; update every occurrence (all ~27 test cases) so the locales array
entries use a quoted key ("localesValue") instead of localesValue, preserving
the existing string value ("eng") and surrounding punctuation so the JSON
becomes valid; search for the token localesValue in this file and replace each
instance with the quoted form.
In `@api-test/src/main/resources/ida/OtpAuthKycExchange/OtpAuthKycExchange.yml`:
- Line 20: The YAML contains unquoted JSON-style keys inside the locales arrays
(e.g., locales: [{localesValue: "eng"}]) which breaks parsing; update every
occurrence of the unquoted localesValue key (and any similar unquoted keys like
consentObtainedValue) so the key is a quoted string (e.g., "localesValue":
"eng") in each locales array entry — ensure you change all occurrences reported
(the entries at the locales arrays) so the file is valid JSON/YAML.
ℹ️ Review info
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (11)
api-test/src/main/java/io/mosip/testrig/apirig/auth/testscripts/OtpAuthNew.javaapi-test/src/main/resources/ida/AddIdentity/AddIdentity.ymlapi-test/src/main/resources/ida/AuthInternalLock/AuthInternalLock.ymlapi-test/src/main/resources/ida/BioAuthDelegated/BioAuthDelegated.ymlapi-test/src/main/resources/ida/BioAuthKycExchange/BioAuthKYCExchange.ymlapi-test/src/main/resources/ida/BioAuthKycExchangeV2/BioAuthKycExchangeV2.ymlapi-test/src/main/resources/ida/GenerateVID/createGenerateVID.ymlapi-test/src/main/resources/ida/OtpAuthDelegated/OtpAuthDelegated.ymlapi-test/src/main/resources/ida/OtpAuthDelegatedNeg/OtpAuthDelegatedNeg.ymlapi-test/src/main/resources/ida/OtpAuthKycExchange/OtpAuthKycExchange.ymlapi-test/testNgXmlFiles/authSuite.xml
🚧 Files skipped from review as they are similar to previous changes (4)
- api-test/src/main/resources/ida/OtpAuthDelegated/OtpAuthDelegated.yml
- api-test/src/main/java/io/mosip/testrig/apirig/auth/testscripts/OtpAuthNew.java
- api-test/src/main/resources/ida/BioAuthKycExchangeV2/BioAuthKycExchangeV2.yml
- api-test/src/main/resources/ida/AuthInternalLock/AuthInternalLock.yml
Signed-off-by: Likhitha R L <likhitha.rl@technoforte.co.in>
Signed-off-by: Likhitha R L <likhitha.rl@technoforte.co.in>
There was a problem hiding this comment.
♻️ Duplicate comments (1)
api-test/src/main/resources/ida/OtpAuthKycExchange/OtpAuthKycExchange.yml (1)
20-20:⚠️ Potential issue | 🟠 MajorQuote
localesValuekeys in input JSON payloads.
localesValueis unquoted in all these payloads, which makes the JSON invalid under strict parsers. Keep object form (for the.hbstemplate), but quote the key.🛠️ Proposed fix
- "locales": [{localesValue: "eng"}], + "locales": [{"localesValue": "eng"}],Apply this to all occurrences at Line 20, Line 44, Line 68, Line 92, Line 116, and Line 140.
#!/bin/bash # Verify there are no unquoted localesValue keys left in this file. rg -nP '"locales"\s*:\s*\[\{localesValue\s*:' api-test/src/main/resources/ida/OtpAuthKycExchange/OtpAuthKycExchange.yml # Optional: verify the same anti-pattern is absent across ida test YAMLs. rg -nP '"locales"\s*:\s*\[\{localesValue\s*:' api-test/src/main/resources/idaAlso applies to: 44-44, 68-68, 92-92, 116-116, 140-140
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@api-test/src/main/resources/ida/OtpAuthKycExchange/OtpAuthKycExchange.yml` at line 20, The payloads include unquoted object keys named localesValue inside the "locales": [{localesValue: "eng"}] entries which makes the JSON invalid; update each occurrence of the locales array (the object form used by the .hbs template) to quote the key as "localesValue": "eng" while preserving the surrounding object/array structure, and apply the same change to every occurrence of localesValue in the file (all instances mentioned in the review).
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Duplicate comments:
In `@api-test/src/main/resources/ida/OtpAuthKycExchange/OtpAuthKycExchange.yml`:
- Line 20: The payloads include unquoted object keys named localesValue inside
the "locales": [{localesValue: "eng"}] entries which makes the JSON invalid;
update each occurrence of the locales array (the object form used by the .hbs
template) to quote the key as "localesValue": "eng" while preserving the
surrounding object/array structure, and apply the same change to every
occurrence of localesValue in the file (all instances mentioned in the review).
ℹ️ Review info
Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: ff6936e3-0278-4261-9e3b-d6481cc106ee
📒 Files selected for processing (4)
api-test/src/main/resources/ida/BioAuthDelegatedV2/BioAuthDelegatedV2.ymlapi-test/src/main/resources/ida/BioAuthKycExchangeV2/BioAuthKycExchangeV2.ymlapi-test/src/main/resources/ida/OtpAuthDelegated/OtpAuthDelegated.ymlapi-test/src/main/resources/ida/OtpAuthKycExchange/OtpAuthKycExchange.yml
🚧 Files skipped from review as they are similar to previous changes (2)
- api-test/src/main/resources/ida/OtpAuthDelegated/OtpAuthDelegated.yml
- api-test/src/main/resources/ida/BioAuthKycExchangeV2/BioAuthKycExchangeV2.yml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary by CodeRabbit
New Features
Tests