Skip to content

Commit

Permalink
Merge pull request #326 from hdamker/313-align-with-commonality-decis…
Browse files Browse the repository at this point in the history
…ion-about-optional-device-object-and-respective-documentation

Align quality-on-demand with Commonalties regarding optional device object and error messages
  • Loading branch information
hdamker authored Aug 5, 2024
2 parents adc94d8 + 70ea70e commit 8b094c7
Show file tree
Hide file tree
Showing 2 changed files with 322 additions and 193 deletions.
201 changes: 153 additions & 48 deletions code/API_definitions/qos-profiles.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -24,17 +24,45 @@ info:
It is important to remark that in cases where personal user data is processed by the API, and users can exercise their rights through mechanisms such as opt-in and/or opt-out, the use of 3-legged access tokens becomes mandatory. This measure ensures that the API remains in strict compliance with user privacy preferences and regulatory obligations, upholding the principles of transparency and user-centric data control.
# Identifying a device from the access token
This specification defines the `device` object field as optional in API requests, specifically in cases where the API is accessed using a 3-legged access token, and the device can be uniquely identified by the token. This approach simplifies API usage for API consumers by relying on the device information associated with the access token used to invoke the API.
## Handling of device information:
### Optional device object for 3-legged tokens:
- When using a 3-legged access token, the device associated with the access token must be considered as the device for the API request. This means that the device object is not required in the request, and if included it must identify the same device, therefore **it is recommended NOT to include it in these scenarios** to simplify the API usage and avoid additional validations.
### Validation mechanism:
- The server will extract the device identification from the access token, if available.
- If the API request additionally includes a `device` object when using a 3-legged access token, the API will validate that the device identifier provided matches the one associated with the access token.
- If there is a mismatch, the API will respond with a 403 - INVALID_TOKEN_CONTEXT error, indicating that the device information in the request does not match the token.
### Error handling for unidentifiable devices:
- If the `device` object is not included in the request and the device information cannot be derived from the 3-legged access token, the server will return a 422 `UNIDENTIFIABLE_DEVICE` error.
### Restrictions for tokens without an associated authenticated identifier:
- For scenarios which do not have a single device identifier associated to the token during the authentication flow, e.g. 2-legged access tokens, the `device` object MUST be provided in the API request. This ensures that the device identification is explicit and valid for each API call made with these tokens.
# Further info and support
(FAQs will be added in a later version of the documentation)
version: wip

license:
name: Apache 2.0
url: https://www.apache.org/licenses/LICENSE-2.0.html
version: wip

x-camara-commonalities: 0.4.0

externalDocs:
description: Product documentation at Camara
url: https://github.com/camaraproject/
description: Project documentation at Camara
url: https://github.com/camaraproject/QualityOnDemand

servers:
- url: "{apiRoot}/qos-profiles/vwip"
Expand Down Expand Up @@ -93,9 +121,9 @@ paths:
"403":
$ref: "#/components/responses/Generic403"
"404":
$ref: "#/components/responses/QosProfilesNotFound404"
$ref: "#/components/responses/Generic404"
"500":
$ref: "#/components/responses/QoSProfile500"
$ref: "#/components/responses/Generic500"
"503":
$ref: "#/components/responses/Generic503"

Expand Down Expand Up @@ -138,9 +166,9 @@ paths:
"403":
$ref: "#/components/responses/Generic403"
"404":
$ref: "#/components/responses/QosProfileNotFound404"
$ref: "#/components/responses/Generic404"
"500":
$ref: "#/components/responses/QoSProfile500"
$ref: "#/components/responses/Generic500"
"503":
$ref: "#/components/responses/Generic503"

Expand Down Expand Up @@ -399,76 +427,150 @@ components:

responses:
Generic400:
description: Invalid input
description: Bad Request
headers:
x-correlator:
$ref: '#/components/headers/x-correlator'
$ref: "#/components/headers/x-correlator"
content:
application/json:
schema:
$ref: "#/components/schemas/ErrorInfo"
example:
status: 400
code: INVALID_ARGUMENT
message: "Schema validation failed at ..."
examples:
GENERIC_400_INVALID_ARGUMENT:
description: Invalid Argument. Generic Syntax Exception
value:
status: 400
code: INVALID_ARGUMENT
message: Client specified an invalid argument, request body or query param.
GENERIC_400_OUT_OF_RANGE:
description: Out of Range. Specific Syntax Exception used when a given field has a pre-defined range or a invalid filter criteria combination is requested
value:
status: 400
code: OUT_OF_RANGE
message: Client specified an invalid range.

Generic401:
description: Unauthorized
headers:
x-correlator:
$ref: '#/components/headers/x-correlator'
$ref: "#/components/headers/x-correlator"
content:
application/json:
schema:
$ref: "#/components/schemas/ErrorInfo"
example:
status: 401
code: UNAUTHENTICATED
message: "Authorization failed: ..."
examples:
GENERIC_401_UNAUTHENTICATED:
description: Request cannot be authenticated
value:
status: 401
code: UNAUTHENTICATED
message: Request not authenticated due to missing, invalid, or expired credentials.
GENERIC_401_AUTHENTICATION_REQUIRED:
description: New authentication is needed, authentication is no longer valid
value:
status: 401
code: AUTHENTICATION_REQUIRED
message: New authentication is required.

Generic403:
description: Forbidden
headers:
x-correlator:
$ref: '#/components/headers/x-correlator'
$ref: "#/components/headers/x-correlator"
content:
application/json:
schema:
$ref: "#/components/schemas/ErrorInfo"
example:
status: 403
code: PERMISSION_DENIED
message: "Operation not allowed: ..."

QosProfilesNotFound404:
description: Qos Profiles not found
examples:
GENERIC_403_PERMISSION_DENIED:
description: Permission denied. OAuth2 token access does not have the required scope or when the user fails operational security
value:
status: 403
code: PERMISSION_DENIED
message: Client does not have sufficient permissions to perform this action.
GENERIC_403_INVALID_TOKEN_CONTEXT:
description: Reflect some inconsistency between information in some field of the API and the related OAuth2 Token
value:
status: 403
code: INVALID_TOKEN_CONTEXT
message: "{{field}} is not consistent with access token."

Generic404:
description: Not found
headers:
x-correlator:
$ref: '#/components/headers/x-correlator'
$ref: "#/components/headers/x-correlator"
content:
application/json:
schema:
$ref: "#/components/schemas/ErrorInfo"
example:
status: 404
code: NOT_FOUND
message: "No QoS Profiles found"

QosProfileNotFound404:
description: Qos Profile not found
examples:
GENERIC_404_NOT_FOUND:
description: Resource is not found
value:
status: 404
code: NOT_FOUND
message: The specified resource is not found.
GENERIC_404_DEVICE_NOT_FOUND:
description: Device identifier not found
value:
status: 404
code: DEVICE_NOT_FOUND
message: Device identifier not found.

Generic422:
description: Unprocessable Content
headers:
x-correlator:
$ref: '#/components/headers/x-correlator'
$ref: "#/components/headers/x-correlator"
content:
application/json:
schema:
$ref: "#/components/schemas/ErrorInfo"
example:
status: 404
code: NOT_FOUND
message: "QosProfile Id does not exist"

QoSProfile500:
examples:
GENERIC_422_DEVICE_IDENTIFIERS_MISMATCH:
description: Inconsistency between device identifiers not pointing to the same device
value:
status: 422
code: DEVICE_IDENTIFIERS_MISMATCH
message: Provided device identifiers are not consistent.
GENERIC_422_DEVICE_NOT_APPLICABLE:
description: Service is not available for the provided device
value:
status: 422
code: DEVICE_NOT_APPLICABLE
message: The service is not available for the provided device.
GENERIC_422_UNIDENTIFIABLE_DEVICE:
description: Service is not available for the provided device
value:
status: 422
code: UNIDENTIFIABLE_DEVICE
message: The device cannot be identified.

Generic429:
description: Too Many Requests
headers:
x-correlator:
$ref: "#/components/headers/x-correlator"
content:
application/json:
schema:
$ref: "#/components/schemas/ErrorInfo"
examples:
GENERIC_429_QUOTA_EXCEEDED:
description: Request is rejected due to exceeding a business quota limit
value:
status: 429
code: QUOTA_EXCEEDED
message: Either out of resource quota or reaching rate limiting.
GENERIC_429_TOO_MANY_REQUESTS:
description: API Server request limit is overpassed
value:
status: 429
code: TOO_MANY_REQUESTS
message: Either out of resource quota or reaching rate limiting.

Generic500:
description: Internal server error
headers:
x-correlator:
Expand All @@ -480,18 +582,21 @@ components:
example:
status: 500
code: INTERNAL
message: "Internal server error: Could not get QoS Profile"
message: "Internal server error: ..."

Generic503:
description: Service unavailable
description: Service Unavailable
headers:
x-correlator:
$ref: '#/components/headers/x-correlator'
$ref: "#/components/headers/x-correlator"
content:
application/json:
schema:
$ref: "#/components/schemas/ErrorInfo"
example:
status: 503
code: UNAVAILABLE
message: "Service unavailable"
examples:
GENERIC_503_UNAVAILABLE:
description: Service is not available. Temporary situation usually related to maintenance process in the server side
value:
status: 503
code: UNAVAILABLE
message: Service Unavailable.
Loading

0 comments on commit 8b094c7

Please sign in to comment.