✨ New Features

• 77a0c2a - adding card-service and point-of-sale (PR #3715 by @mkurapov)

✨ New Features

• 539ced6 - auth: add subject to grant (PR #3440 by @cozminu)

The subject field feature in the Open Payments auth server adds a way for Open Payment clients to simply verify the ownership of a wallet address, without requiring an outgoing payment grant.

For integrators, this concerns the IDP behaviour. Now, when the IDP requests a grant lookup (you can see the updated OpenAPI specs here), instead of (or alongside) the access_token, it's possible to get back a subject field in the following format:

"subject": {
    "sub_ids": [
      {
        "id": "{{walletAddress}}",
        "format": "uri"
      }
    ]
  }

Here, the IDP must verify that the end user does in fact own the requested wallet address, which means updating the consent screen with the proper verbiage for the user. As an example, in the mock ASE, when the subject is requested, the consent screen presents "{thirdPartyName} is asking you to confirm ownership of {walletAddress} wallet address".

Updating the consent screen, and making the check that the wallet address belongs to the user going through the interaction are the required changes in the IDP. Approve & finish behaviour remains the same.

• 3614303 - WALLET_ADDRESS_NOT_FOUND_POLLING_ENABLED flag in backend (PR #3719 by @mkurapov)

Behaviour change: Whenever a wallet address is fetched using Open Payments API, we send a wallet_address.not_found webhook in order for the ASE to have an opportunity to create a wallet address "on the fly". Previously, this was enabled by default, and now, this is disabled by default. If you need to enable this, you will need to enable WALLET_ADDRESS_NOT_FOUND_POLLING_ENABLED flag in backend.

🐛 Bug Fixes

• 2fb0a36 - auth: add tenantId in grant request route in hash generation (PR #3728 by @mkurapov)

Made sure that during hash generating in the auth server, we use the full grant URL/auth server URL along with the tenantId.

🔧 Chores

• 8b1ec9c - deps: update dependency undici@>=6.0.0 to ^6.21.2 [security] (PR #3432 by @renovate[bot])

Full Changelog: v2.0.0-beta...v2.1.0-beta

✨ New Features

• 076fbd0 - WALLET_ADDRESS_NOT_FOUND_POLLING_ENABLED flag in backend (PR #3719 by @mkurapov)

Behaviour change: Whenever a wallet address is fetched using Open Payments API, we send a wallet_address.not_found webhook in order for the ASE to have an opportunity to create a wallet address "on the fly". Previously, this was enabled by default, and now, this is disabled by default. If you need to enable this, you will need to enable WALLET_ADDRESS_NOT_FOUND_POLLING_ENABLED flag in backend.

🐛 Bug Fixes

• fdedc33 - backend: dependency issues (PR #3703 by @cozminu)

✅ Tests

• 7b817af - backend: update wallet address route test (commit by @mkurapov)

🚀 Multi-tenancy support added

Overview

In this release, we have added support for multi-tenancy in Rafiki. This allows single Rafiki instance to service multiple account servicing entities (ASEs).

There is no "opt out" of multi-tenancy, Rafiki is multi-tenant by default.

Migration guide

The entity responsible for managing a Rafiki instance that serves multiple ASEs is called an operator. When upgrading from v1-beta version of Rafiki to v2-beta, an operator tenant is seeded automatically (given the environment variables below) and all of the existing resources are backfilled to reference the operator tenant.

An operator is then able to create individual tenants, and create, manage resources & liquidity for them. This is done through the backend Admin API. The tenant details/settings (and the updates to those details) are propagated to the auth service with a new "tenant" auth API.

At a high level, the main changes require:

1. Generating a V4 UUID to set as the operator id
2. Start signing Admin API requests to both backend and auth APIs, if not done so already. This is necessary to determine which tenant is making a request to the APIs.
3. Expose the tenant API in auth to listen to any tenant information changes propagated from backend.

Necessary auth changes

1. Set OPERATOR_TENANT_ID to a V4 UUID.
2. ADMIN_API_SECRET to a strong, random secret.
3. Expose the tenant service API port (by default it is 3011). This is to listen to any changes to the tenant information from backend.

Necessary backend changes

1. Set OPERATOR_TENANT_ID to a V4 UUID (the same as the auth).
2. Set ADMIN_API_SECRET to a strong, random secret. (for ease of use when signing requests, set it to same as the auth).
   Please note, if you were already signing the Admin API requests to backend, API_SECRET was renamed to ADMIN_API_SECRET, and API_SIGNATURE_VERSION was renamed to API_SIGNATURE_VERSION.
3. Set AUTH_SERVICE_API_URL to the full URL of new exposed tenant auth service.

Necessary frontend changes

1. When first interacting with frontend, the tenant (or operator) credentials must be entered akin to a login screen.

Necessary changes to your integration server

1. Update createWalletAddress mutation input. Now, instead of a full url path, the mutation takes in address, which could be a full URL or just a path. If a path is entered, it will act as a suffix to the defined OPEN_PAYMENTS_URL if the request is on behalf of an operator, or a suffix to the defined wallet address URL tenant setting, if the request is from a non-operator tenant.
2. Update walletAddress resolver to fetch address instead of url.
3. Start signing requests to the backend and auth Admin APIs. An example of signing requests with the Apollo GraphQL client can be found in our mock-ase here.
   Example code:

const httpLink = new HttpLink({
  uri: process.env.ADMIN_API_URL,
  enhancedClientAwareness: { transport: false } // necessary to avoid adding additional properties into request object
});

const createAuthLink = (args: { tenantId: string, apiSecret: string, signatureVersion: number }) => {
  return setContext((request, { headers }) => {
    
    const timestamp = Date.now()

    const { query, variables, operationName } = request
    const formattedRequest = {
      variables,
      operationName,
      query: print(query)
    }

    const payload = `${timestamp}.${canonicalize(formattedRequest)}`
    
    const digest = createHmac('sha256', args.apiSecret)
      .update(payload)
      .digest('hex')

    return {
      headers: {
        ...headers,
        signature: `t=${timestamp}, v${args.signatureVersion}=${digest}`,
        ['tenant-id']: args.tenantId
      }
    };
  })
}

✨ New Features

• f8c4684 - Multi-Tenancy v1 (PR #3413 by @njlie)
• cf3f946 - setup i18n for rafiki docs (PR #3521 by @huijing)
• cb847fb - migrate from astro-graphql-plugin to spectaql (PR #3536 by @huijing)
• 083660b - mock-ase: swapped receiver/sender bruno env; ASE env vars (PR #3565 by @njlie)
• 007891e - frontend: tenant settings fields for tenant create (PR #3572 by @njlie)
• 490f627 - frontend: use tenant wallet address prefix in admin UI (PR #3570 by @njlie)
• 6c6f50a - backend: tenant id filter tests for gql pagination (PR #3567 by @njlie)
• 960bf1c - backend: add tenant id to some liquidity resolvers (PR #3579 by @njlie)
• c32fdde - backend: optional debitAmount increateOutgoingPaymentFromIncomingPayment mutation (PR #3631 by @mkurapov)
• 0c08e41 - auth: start storing apiSecret in auth and add tenant signature middleware (PR #3696 by @mkurapov)
• 0afe257 - auth: add tenant boundaries to auth GraphQL resolvers (PR #3697 by @mkurapov)
• 2cc4ca1 - backend: enforce uniqueness on tenant wallet address prefixes (PR #3695 by @njlie)

🐛 Bug Fixes

• 8539446 - update default autopeer link to testnet (PR #3583 by @dragosp1011)
• c4f4520 - masl: seed script in MASE (PR #3588 by @mkurapov)
• 8e3cf96 - localenv: fix env, localenv, bruno errors (PR #3603 by @njlie)
• b5c71d5 - update README with correct link (commit by @bkanishka004)
• b6a535d - backend: dependency issues (PR #3703 by @cozminu)

🔧 Chores

• 32b51a6 - deps: fix critical vulnerability (PR #3582 by @cozminu)
• 97178b5 - backend, auth: use open-payments-specifications as submodule (PR #3615 by @sanducb)
• f1375f3 - backend: remove peer id from outgoing payment model (PR #3617 by @sanducb)
• 7b996b5 - auth: re-generate auth graphql (PR #3702 by @mkurapov)
• f8709db - auth, backend: removed unused multi-tenancy features, update env variables (PR #3699 by @mkurapov)

💥 BREAKING CHANGES

• due to 16b501e - removed 'updatedAt' from incoming and outgoing payments responses from OP (PR #3429 by @oana-lolea):
  • This change removes updatedAt from incoming and outgoing payments in Open Payments and the backend Admin API GraphQL schema. This means you will need to remove updatedAt field from mutations and queries that resolve incoming and outgoing payments when making requests to the backend Admin API.
  • Grant request for outgoing payments limits (Open Payments API) can take in debitAmount XOR receiveAmount (instead of allowing both)

✨ New Features

• f5b325f - localenv: add histogram for outgoing payment completion time (PR #3438 by @njlie)
• 7d8079f - backend: return minSendAmount in quote responses (PR #3411 by @cozminu)
  • Now, we are returning objects in the resource server responses, instead of just text. In addition, for some quoting errors, we return a minSendAmount to specify the minimum amount the sender needs to add in the quote for it to succeed. For example, POST /quotes in Open Payments for an amount that cannot be satifsfied would return an error object like this:

{
  "error": {
    "code": "400",
    "description": "non-positive receive amount",
    "details": {
      "minSendAmount": {
        "value": "112",
        "assetCode": "USD",
        "assetScale": 2
      }
    }
  }
}

• 6bcf7c7 - add starlight-fullview-mode plugin (PR #3431 by @huijing)
• 9510f99 - bruno: add grant cancellation request (PR #3458 by @BlairCurrey)

🐛 Bug Fixes

• 33e54d5 - backend: update minSendAmount in local and ILP payments (PR #3480 by @mkurapov)

🔧 Chores

• a5077c5 - upgrade graphql (PR #3445 by @BlairCurrey)
• 16b501e - removed 'updatedAt' from incoming and outgoing payments responses from OP (PR #3429 by @oana-lolea)

🔧 Supported versions

• Supports Open Payments NodeJS clients >= 7.0.0
• TigerBeetle: Oldest upgradable replica version: 0.16.25

✨ New Features

• 8783194 - backend: improved redirect url for wallet address (PR #3425 by @cozminu)

🐛 Bug Fixes

• 6488c55 - backend: local payments - allow multiple outgoing payments pay into single incoming (PR #3428 by @mkurapov)

✨ New Features

• 4905027 - backend: rework fixed send fee calculation (PR #3376 by @cozminu)

🔧 Chores

• bc5bbae - bump dependencies to latest versions (PR #3387 by @huijing)

Supported versions

• TigerBeetle: Oldest upgradable replica version: 0.16.25
• Open Payments Node SDK: 6.x.x

✨ New Features

• 1cd0790 - backend: better errors during token introspection in RS (PR #3346 by @cozminu)
  • For Open Payments clients, we now differentiate between "Inactive Token" vs "Insufficient Grant" errors when making a request to the resource server. For the former, an Open Payments client will simply need to rotate the token, for the latter, a new grant must be requested with the correct permissions for the resource.
• 3d40648 - auth: use gnap error middleware on idp api (PR #3094 by @njlie)
  • Now, errors from the IDP server return properly formatted objects, similar to the errors thrown in the AS
• 5c7f1fa - auth: handle expired interactions gracefully during finish (PR #3340 by @njlie)
  • Improved IDP error handling: redirect back to the client when possible, providing better error descriptions in redirect URL, particularly during expired interactions
• ce17e0f - backend: redirect to webpage when querying payment pointer in browser (PR #3298 by @cozminu)
  • Now, integrators can set WALLET_ADDRESS_REDIRECT_HTML_PAGE env flag which will allow doing a 302 redirect to a webpage for a wallet address query, if the accept header of the incoming request istext/html(typically from a browser)
• 36107b1 - backend: unique keys per wallet address (PR #2863 by @sabineschaller, @oana-lolea)
• ee45d61 - docs: added basic site tracking using Umami (PR #3157 by @JoblersTune)
• 636a1ca - backend: check grant receiver to match quote receiver (PR #3248 by @cozminu)
• 308ed37 - backend: Check quote expiry in outgoing payment worker (#3141) (PR #3173 by @CollinsMunene)
• 286f146 - backend: bump tb from 0.15.4 to 0.16.29 (PR #3323 by @koekiebox)
• 7d197f3 - webhook: provide grant id in outgoing payment events (PR #3335 by @dragosp1011)
• ba7cac7 - backend: directly use resource server URL to generate URLs for OP (PR #3341 by @cozminu)
• f57695b - backend,mase: admin api healthcheck (PR #3199 by @BlairCurrey)
• cbd3a0c - backend: deadlocks (PR #3320 by @BlairCurrey)

🐛 Bug Fixes

• 0b4cac3 - backend: await signature verification (PR #3175 by @mkurapov)
  • Signature verification for backend API was fixed. If you have API_SECRET set in the environment variables for securing the backend Admin API, and you are not signing the GraphQL requests, you will being seeing a 401 Unauthorized error. Please start signing your Admin API requests, or remove API_SECRET environment variable until you are able to sign requests.
• 7f1a822 - mock-ase: process is undefined error in client (PR #3275 by @cozminu)
• a338e5d - backend: allow admin api to query all receivers and move checks (PR #3314 by @cozminu)

🔧 Chores

• 115a0e4 - performance: add signature header to fix 401 (PR #3237 by @BlairCurrey)
• 641d23b - performance create receiver 401 with multiple vus (PR #3300 by @BlairCurrey)
• 8944114 - deps: update dependency isbot to ^5.1.18 (PR #3081 by @renovate[bot])
• 4a4fbd0 - deps: update dependency axios to v1.7.9 (PR #3080 by @renovate[bot])
• 44cc122 - deps: update dependency class-variance-authority to ^0.7.1 (PR #3194 by @renovate[bot])
• d4070a6 - deps: update dependency mermaid to ^11.4.1 (PR #3188 by @renovate[bot])
• 643c46b - deps: update dependency objection to ^3.1.5 (PR #3189 by @renovate[bot])
• 3207094 - deps: update dependency koa to ^2.15.3 (PR #3186 by @renovate[bot])
• 05297a2 - deps: update dependency astro to v4.16.18 [security] (PR #3185 by @renovate[bot])
• 9ea13b0 - deps: update dependency yaml to ^2.7.0 (PR #3195 by @renovate[bot])
• 7c3f117 - deps: update graphql-tools monorepo (PR #3207 by @renovate[bot])
• 034740d - deps: update dependency isbot to ^5.1.21 (PR #3203 by @renovate[bot])
• 1274d49 - deps: update dependency koa to v2.15.4 [security] (PR #3297 by @renovate[bot])
• 7f6c28b - deps: update dependency @interledger/openapi to v2.0.2 (PR #3193 by @renovate[bot])
• ea10375 - deps: update dependency isbot to ^5.1.22 (PR #3287 by @renovate[bot])
• 5c370d6 - deps: update dependency starlight-links-validator to ^0.14.3 (PR #3288 by @renovate[bot])
• 076e8d3 - deps: update dependency isbot to ^5.1.23 (PR #3313 by @renovate[bot])
• f2ace04 - deps: update dependency dotenv to ^16.4.7 (PR #3155 by @renovate[bot])
• 07e8c7c - deps: update dependency tailwindcss to ^3.4.17 (PR #3089 by @renovate[bot])
• ade2318 - deps: update dependency nock to ^13.5.6 (PR #3181 by @renovate[bot])
• 0ffc609 - deps: update dependency nock to v14.0.0-beta.19 (PR #3184 by @renovate[bot])
• 1834683 - deps: update dependency postcss to ^8.4.49 (PR #3192 by @renovate[bot])
• d542ffd - deps: update dependency @tailwindcss/forms to ^0.5.10 (PR #3205 by @renovate[bot])
• 6a9ca67 - deps: update dependency eslint-plugin-jsx-a11y to ^6.10.2 (PR #3210 by @renovate[bot])
• b51b77e - deps: update dependency @types/lodash to ^4.17.14 (PR #3200 by @renovate[bot])
• 08cc777 - deps: update dependency node-mocks-http to ^1.16.2 (PR #3212 by @renovate[bot])
• f14a8c5 - deps: update dependency go to v1.23.5 (PR #3211 by @renovate[bot])
• 8fdb6e7 - deps: update dependency cross-fetch to ^4.1.0 (PR #3208 by @renovate[bot])
• 5296b95 - deps: update dependency npm-run-all2 to ^6.2.6 (PR #3216 by @renovate[bot])
• 79cca16 - deps: update dependency postcss to ^8.5.1 (PR #3217 by @renovate[bot])
• 836cff2 - deps: update dependency testcontainers to ^10.16.0 *(PR #3218 by @r...

🔧 Chores

• cc9ef41 - ci: create manifest list in release action (PR #3168 by @mkurapov)

Compatibility

• Open Payments client: 6.x.x
• TigerBeetle: 0.15.4

✨ New Features

• aa77aea - localenv: add performance metrics (PR #2999 by @BlairCurrey)
• eae95ad - backend: add local payment (PR #2857 by @BlairCurrey)
• 8c1390d - auth: return GNAP 404 error if token cannot be rotated (PR #3101 by @golobitch)
• 98e165a - backend: caching on asset and wallet address including other enhancements (PR #3041 by @koekiebox)
• 8c8a9b9 - backend: use cache when fetching outgoing payment in worker (PR #3142 by @mkurapov)

🐛 Bug Fixes

• 29dc6c6 - deps: update dependency mermaid to v10.9.3 [security] (PR #3059 by @renovate[bot])
• dbbcd9c - deps: update dependency astro to v4.16.1 [security] (PR #3060 by @renovate[bot])
• 1b24e27 - deps: update dependency axios to v1.7.4 [security] (PR #3061 by @renovate[bot])
• 8651fe5 - Admin UI error Auth redirect (PR #3047 by @DarianM)
• dcc0cf8 - deps: update dependency @headlessui/react to ^1.7.19 (PR #3079 by @renovate[bot])
• a02aafa - fixed error where no assets were found when opening create peer page (PR #3095 by @oana-lolea)
• e065312 - backend: update packet expiry error handling (PR #3135 by @sanducb)
• 5c21c94 - backend: inverted rate (PR #3165 by @BlairCurrey)

🔧 Chores

• a7417e6 - update renovate.json file (PR #3058 by @mkurapov)
• 509f9ca - deps: update dependency yaml to ^2.6.0 (PR #2947 by @renovate[bot])
• 60dc11a - deps: update dependency @interledger/open-payments to v6.13.2 (PR #3031 by @renovate[bot])
• a84ad3d - deps: update apollo graphql packages (PR #2924 by @renovate[bot])
• 179d859 - deps: update dependency @swc/jest to ^0.2.37 (PR #3063 by @renovate[bot])
• 42891b9 - deps: update dependency @tailwindcss/forms to ^0.5.9 (PR #3064 by @renovate[bot])
• c7af670 - deps: update dependency @types/lodash to ^4.17.13 (PR #3066 by @renovate[bot])
• d9d9878 - deps: update dependency eslint to ^8.57.1 (PR #3068 by @renovate[bot])
• fcba95e - deps: update dependency nock to v14.0.0-beta.15 (PR #3070 by @renovate[bot])
• fc856ba - deps: update dependency @types/jest to ^29.5.14 (PR #3065 by @renovate[bot])
• 2c479ee - deps: update dependency autoprefixer to ^10.4.20 (PR #3067 by @renovate[bot])
• 47669db - deps: update dependency nock to ^13.5.5 (PR #3069 by @renovate[bot])
• cd3d893 - deps: update dependency postcss to ^8.4.47 (PR #3072 by @renovate[bot])
• dc6fcf2 - token invalid throw 401 instead of return public incoming payment (PR #3062 by @DarianM)
• d30deeb - update frontend environment variables (PR #3030 by @oana-lolea)
• b912bff - Fix mock ASE seeding script (PR #3050 by @oana-lolea)
• 43d8498 - ci: use fallback registry for trivy db fetch (commit by @mkurapov)
• b3c7fa7 - fix vulnerabilities (PR #3087 by @mkurapov)
• 5ede3e0 - routine dependency bumps (PR #3099 by @JoblersTune)
• ad9ca7c - removed Glossary page's overview section (PR #3136 by @JoblersTune)
• 5de6208 - update accountingTransfer limit to 20 (PR #3115 by @oana-lolea)
• 497d160 - Added state and expiry date to accounting transfer (PR #3131 by @oana-lolea)
• 4e68d7f - deps: update pnpm to v8.15.9 (PR #3078 by @renovate[bot])
• d72fe7b - re-enable Prettier for docs (PR #3147 by @JoblersTune)
• 6ef0a06 - backend: fix incrementCounterWithTransactionAmount function (PR #3146 by @mkurapov)
• 61a4028 - add override for cross-spawn vulnerability (PR #3154 by @mkurapov)

Compatibility

• Open Payments clients: 6.x.x
• TigerBeetle: 0.15.4