[fapi] address PR review feedback

tkan145 · tkan145 · commit 7647f3b1df85 · 2025-10-09T19:16:06.000+10:00
diff --git a/gateway/src/apicast/policy/fapi/README.md b/gateway/src/apicast/policy/fapi/README.md
@@ -54,10 +54,10 @@ Validate requests with a x-fapi-customer-ip-address header containing a valid IP
 
 ### Validate certificate-bound access tokens
 
-Certificate-bound access tokens, as defined in [RFC 8705]((https://datatracker.ietf.org/doc/html/rfc8705)), enhance security by linking tokens to clients, thereby verifying the sender's authorization to access protected resources.
+Certificate-bound access tokens, as defined in [RFC 8705](https://datatracker.ietf.org/doc/html/rfc8705), enhance security by linking tokens to clients, thereby verifying the sender's authorization to access protected resources.
 
 You'll need to:
-* Configure an Identity Provider (IdP) such as Keycloak configured with mTLS and X.509 client certificate authentication.
+* Configure an Identity Provider (IdP) such as Keycloak with mTLS and X.509 client certificate authentication.
 * Configure the gateway to handle mTLS client certificate authentication.
 * Enable `validate_oauth2_certificate_bound_access_token` in the FAPI plugin.
 
diff --git a/gateway/src/apicast/policy/fapi/fapi.lua b/gateway/src/apicast/policy/fapi/fapi.lua
@@ -98,15 +98,15 @@ end
 function _M:header_filter()
   --- 6.2.1.11
   -- shall set the response header x-fapi-interaction-id to the value received from the corresponding FAPI client request header or to a RFC4122 UUID value if the request header was not provided to track the interaction
-  local transaction_id = ngx.req.get_headers()[X_FAPI_INTERACTION_ID_HEADER]
-  if not transaction_id or transaction_id == "" then
+  local interaction_id = ngx.req.get_headers()[X_FAPI_INTERACTION_ID_HEADER]
+  if not interaction_id or interaction_id == "" then
       -- Nothing found, generate one
-    transaction_id = ngx.resp.get_headers()[X_FAPI_INTERACTION_ID_HEADER]
-    if not transaction_id or transaction_id == "" then
-      transaction_id = uuid.generate_v4()
+    interaction_id = ngx.resp.get_headers()[X_FAPI_INTERACTION_ID_HEADER]
+    if not interaction_id or interaction_id == "" then
+      interaction_id = uuid.generate_v4()
     end
   end
-  ngx.header[X_FAPI_INTERACTION_ID_HEADER] = transaction_id
+  ngx.header[X_FAPI_INTERACTION_ID_HEADER] = interaction_id
 end
 
 return _M
