Fix #1636: For API /auth/combinded assert credentialName

docs/Next-Step-Server-REST-API-Reference.md

@@ -8837,6 +8837,8 @@ The list of expected status codes:
 }
 ```
 
+**The `credentialName` parameter is optional and should not be used or it has to be the same as used for OTP generation.**
+
 #### Response 200
 
 - Headers:

powerauth-nextstep-model/src/main/java/io/getlime/security/powerauth/lib/nextstep/model/request/CombinedAuthenticationRequest.java

@@ -34,7 +34,6 @@
 @Data
 public class CombinedAuthenticationRequest {
 
-    @NotBlank
     @Size(min = 2, max = 256)
     private String credentialName;
     @NotBlank

powerauth-nextstep/src/main/java/io/getlime/security/powerauth/app/nextstep/service/AuthenticationService.java

@@ -551,6 +551,10 @@ public CombinedAuthenticationResponse authenticateCombined(CombinedAuthenticatio
         final IdGeneratorService idGeneratorService = serviceCatalogue.getIdGeneratorService();
 
         final OtpEntity otp = otpService.findOtp(request.getOtpId(), request.getOperationId());
+        if (!request.getCredentialName().equals(otp.getCredentialDefinition().getName())) {
+            throw new InvalidRequestException("Mismatched credentialName for OTP: " + otp.getOtpId() + "'. The credentialName must match the one used for OTP generation.");
+        }
+
         if (otp.getOtpDefinition().isDataAdapterProxyEnabled()) {
             logger.info("Combined authentication proxied through Data Adapter, OTP ID: {}", request.getOtpId());
             return authenticateCombinedCustom(otp.getCredentialDefinition(), otp.getOtpId(), request.getOtpValue(), request.getCredentialValue(), otp.getOperation().getOperationId(), otp.getUserId(), request.getAuthMethod());