From 8b791a67399d97537c087d4fc06644df15c2072b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?B=C3=A8r=20Kessels?= <ber@berk.es>
Date: Thu, 23 Jan 2025 11:47:29 +0100
Subject: [PATCH] feat: Make the offer-id unpredictable for sphereon

We had it hardcoded. That caused "Race conditions" if multiple badges
were being imported: the last badge offered would be sent to all users
that were importing badges, regardless of if its theirs and if they were
actually importing that badge.
---
 apps/ob3/api.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/apps/ob3/api.py b/apps/ob3/api.py
index 6d97f4f9..3ac071d0 100644
--- a/apps/ob3/api.py
+++ b/apps/ob3/api.py
@@ -59,11 +59,12 @@ def __badge_instance(self, badge_id, user):
             raise Http404
 
     def __issue_sphereon_badge(self, credential):
+        random_offer_id = str(uuid.uuid4());
         offer_request_body = {
             "credentials": ["OpenBadgeCredential"],
             "grants": {
                 "urn:ietf:params:oauth:grant-type:pre-authorized_code": {
-                    "pre-authorized_code": "This-is-sent-via-SMS",
+                    "pre-authorized_code": random_offer_id,
                     "user_pin_required": False
                 }
             },