From 4724ed5c5d3bccbe396cf78568dedf5b16809a30 Mon Sep 17 00:00:00 2001
From: Matthias Mohr <m.mohr@uni-muenster.de>
Date: Wed, 14 Apr 2021 14:53:20 +0200
Subject: [PATCH 1/2] Improvements for issue #379

---
 CHANGELOG.md |  2 ++
 errors.json  |  8 ++++++++
 openapi.yaml | 13 +++++++------
 3 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ef03f68b..17d4ec92 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - `GET /credentials/oidc` can provide a set of default client ids for OpenID Connect. [#366](https://github.com/Open-EO/openeo-api/pull/366)
 - `experimental` and `deprecated` flags added for file formats, service types, udf runtimes, udf runtime versions, udf runtime libraries and all related parameters and schemas. [#354](https://github.com/Open-EO/openeo-api/issues/354)
 - `GET /jobs/{job_id}/logs` and `GET /services/{service_id}/logs`: `time` property added. [#330](https://github.com/Open-EO/openeo-api/issues/330)
+- Added error `FileExpired`.  [#379](https://github.com/Open-EO/openeo-api/issues/379)
 
 ### Changed
 
@@ -21,6 +22,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Clarified how process exceptions should be used. [#352](https://github.com/Open-EO/openeo-api/issues/352)
 - Clarified that billing plans, service names and file formats must be accepted case-insensitive. [#371](https://github.com/Open-EO/openeo-api/issues/371)
 - Clarified that the first provider listed at `GET /credentials/oidc` is the default provider for OpenID Connect.
+- Clarified that `GET /jobs/{job_id}/results` should always return valid signed URLs and the endpoint can be used to renew the signed URLs. [#379](https://github.com/Open-EO/openeo-api/issues/379)
 - Fixed casing of potential endpoints `GET /collections/{collection_id}/items` and `GET /collections/{collection_id}/items/{feature_id}`.
 
 ## 1.0.1 - 2020-12-07
diff --git a/errors.json b/errors.json
index 1ed940c3..d9704233 100644
--- a/errors.json
+++ b/errors.json
@@ -290,6 +290,14 @@
 			"Batch Jobs"
 		]
 	},
+	"LinkExpired": {
+		"description": "The signed URLs for batch job results have expired. Please send a request to `GET /jobs/{job_id}/results` to refresh the links.",
+		"message": "The links to the batch job results have expired. Please request the results again.",
+		"http": 410,
+		"tags": [
+			"Batch Jobs"
+		]
+	},
 	"PaymentRequired": {
 		"description": "The budget required to fulfil the request is insufficient.",
 		"message": "The budget required to fulfil the request is not sufficient. A payment is required first.",
diff --git a/openapi.yaml b/openapi.yaml
index ba6987ce..c44e92de 100644
--- a/openapi.yaml
+++ b/openapi.yaml
@@ -2980,17 +2980,15 @@ paths:
     get:
       summary: Download results for a completed batch job
       operationId: list-results
-      description: >-
+      description: |-
         Lists signed URLs pointing to the processed files after the batch job
         has finished. Back-ends may also point to intermediate results after the
         job has stopped due to an error.
-        
 
         The response includes additional metadata. It is a valid
-        [STAC Item (version 0.9.0)](https://github.com/radiantearth/stac-spec/tree/v0.9.0/item-spec)
+        [STAC Item](https://github.com/radiantearth/stac-spec/tree/v0.9.0/item-spec)
         if it has spatial and temporal references included.
 
-
         URL signing is a way to protect files from unauthorized access with a
         key in the URL instead of HTTP header based authorization. The URL
         signing key is similar to a password and its inclusion in the URL allows
@@ -2998,8 +2996,11 @@ paths:
         programs, e.g. web browsers or download managers. Back-ends are
         responsible to generate the URL signing keys and to manage their
         appropriate expiration. The back-end MAY indicate an expiration time by
-        setting the `expires` property.
-
+        setting the `expires` property in the reponse. Requesting this endpoint
+        SHOULD always return valid URLs. If the links generated for a previous
+        request have expired, the signed URLs SHOULD be renewed. 
+        Once the signed URLs have expired, the signed URLs MAY return the openEO
+        error `LinkExpired`.
 
         If processing has not finished yet requests to this endpoint MUST be
         rejected with openEO error `JobNotFinished`.

From 85b73779f6e537ad3b4d0391fbe04a046258891e Mon Sep 17 00:00:00 2001
From: Matthias Mohr <m.mohr@uni-muenster.de>
Date: Wed, 14 Apr 2021 18:30:57 +0200
Subject: [PATCH 2/2] Feedback from code review

---
 CHANGELOG.md | 2 +-
 errors.json  | 4 ++--
 openapi.yaml | 8 ++++----
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 17d4ec92..31144347 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,7 +11,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - `GET /credentials/oidc` can provide a set of default client ids for OpenID Connect. [#366](https://github.com/Open-EO/openeo-api/pull/366)
 - `experimental` and `deprecated` flags added for file formats, service types, udf runtimes, udf runtime versions, udf runtime libraries and all related parameters and schemas. [#354](https://github.com/Open-EO/openeo-api/issues/354)
 - `GET /jobs/{job_id}/logs` and `GET /services/{service_id}/logs`: `time` property added. [#330](https://github.com/Open-EO/openeo-api/issues/330)
-- Added error `FileExpired`.  [#379](https://github.com/Open-EO/openeo-api/issues/379)
+- Added error `ResultLinkExpired`.  [#379](https://github.com/Open-EO/openeo-api/issues/379)
 
 ### Changed
 
diff --git a/errors.json b/errors.json
index d9704233..c3b9e2f7 100644
--- a/errors.json
+++ b/errors.json
@@ -290,9 +290,9 @@
 			"Batch Jobs"
 		]
 	},
-	"LinkExpired": {
+	"ResultLinkExpired": {
 		"description": "The signed URLs for batch job results have expired. Please send a request to `GET /jobs/{job_id}/results` to refresh the links.",
-		"message": "The links to the batch job results have expired. Please request the results again.",
+		"message": "The link to the batch job result has expired. Please request the results again.",
 		"http": 410,
 		"tags": [
 			"Batch Jobs"
diff --git a/openapi.yaml b/openapi.yaml
index c44e92de..787a4115 100644
--- a/openapi.yaml
+++ b/openapi.yaml
@@ -2997,10 +2997,10 @@ paths:
         responsible to generate the URL signing keys and to manage their
         appropriate expiration. The back-end MAY indicate an expiration time by
         setting the `expires` property in the reponse. Requesting this endpoint
-        SHOULD always return valid URLs. If the links generated for a previous
-        request have expired, the signed URLs SHOULD be renewed. 
-        Once the signed URLs have expired, the signed URLs MAY return the openEO
-        error `LinkExpired`.
+        SHOULD always return non-expired URLs. Signed URLs that were generated
+        for a previous request and already expired SHOULD NOT be reused,
+        but regenerated with new expiration time.
+        Signed URLs that expired MAY return the openEO error `ResultLinkExpired`.
 
         If processing has not finished yet requests to this endpoint MUST be
         rejected with openEO error `JobNotFinished`.