
add API-Name aka wild-card scope #103

Merged
merged 3 commits into from
Jun 12, 2024
4 changes: 4 additions & 0 deletions code/API_definitions/sim_swap.yaml
Expand Up @@ -68,6 +68,8 @@ paths:
security:
- openId:
- sim-swap:retrieve-date
- openId:
- sim-swap
Collaborator

I think we don't need to repeat the "openId", we can just add it to the existing array

Suggested change

        - openId:
          - sim-swap:retrieve-date
        - openId:
          - sim-swap

        - openId:
          - sim-swap:retrieve-date
          - sim-swap

Collaborator Author


I think that two scopes mean that both scopes must be in the access token at the same time.

https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#security-requirement-object

If the security scheme is of type "oauth2" or "openIdConnect", then the value is a list of scope names required for the execution, ....

For example, if the API has the scopes "write:pets" and "read:pets", then the "manage" endpoint requires both scopes, while the getById endpoint just needs "read:pets".

The way I proposed means: "one of the security objects must fit"
So, I think, that

        - openId:
          - sim-swap:retrieve-date
        - openId:
          - sim-swap

means that if the access token has scope sim-swap:retrieve-date then pass or if the access token has scope sim-swap then pass.

The client can thus request an access token with the scope sim-swap and the AZ grants it. Then that access token has the scope sim-swap and the RS would let the API request pass at both endpoints.
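The security-requirement semantics laid out in the comment above (AND inside one requirement object, OR across the list), as an added example that is not part of this PR or of the CAMARA project's code: a small Python evaluator for OpenAPI 3.0 `security` lists, run against the two shapes under discussion (the PR's two separate `openId` entries versus the single merged entry from the suggestion). The function names `security_allows` and `which_endpoints`, and the dict forms of the YAML, are my own construction.

```python
"""Evaluate an OpenAPI 3.0 Security Requirement list against the scopes
carried by an access token.

Rules from the OpenAPI 3.0.3 Security Requirement Object section:
  * inside one requirement object, every listed scheme must be satisfied,
    and for oauth2/openIdConnect every listed scope is required (AND);
  * across the list of requirement objects, any single one suffices (OR);
  * an empty requirement object {} means "no credentials needed".
"""
from __future__ import annotations

from typing import Iterable

SecurityRequirement = dict[str, list[str]]


def requirement_satisfied(requirement: SecurityRequirement,
                          token_scopes: set[str]) -> bool:
    """True when the token carries every scope of every scheme listed
    in this single requirement object (AND semantics)."""
    return all(set(scopes) <= token_scopes for scopes in requirement.values())


def security_allows(security: list[SecurityRequirement],
                    token_scopes: Iterable[str]) -> bool:
    """True when at least one requirement object in the list is satisfied
    (OR semantics). An empty list means the operation declares no security
    at all, which we treat as not allowed so a missing section fails closed."""
    scopes = set(token_scopes)
    if not security:
        return False
    return any(requirement_satisfied(req, scopes) for req in security)


# Constructed dict forms of the YAML discussed in the PR (assumed shapes).
# The PR adds a second requirement object, so either scope alone passes.
PR_RETRIEVE_DATE: list[SecurityRequirement] = [
    {"openId": ["sim-swap:retrieve-date"]},
    {"openId": ["sim-swap"]},
]
PR_CHECK: list[SecurityRequirement] = [
    {"openId": ["sim-swap:check"]},
    {"openId": ["sim-swap"]},
]
# The inline suggestion merged both scopes into one object, which would
# require BOTH scopes to be present in the same token.
SUGGESTED_RETRIEVE_DATE: list[SecurityRequirement] = [
    {"openId": ["sim-swap:retrieve-date", "sim-swap"]},
]


def which_endpoints(token_scopes: Iterable[str]) -> dict[str, bool]:
    """Map each operation of the PR's sim_swap.yaml to whether a token
    with the given scopes would be let through by the resource server."""
    scopes = set(token_scopes)
    return {
        "retrieve-date": security_allows(PR_RETRIEVE_DATE, scopes),
        "check": security_allows(PR_CHECK, scopes),
    }


if __name__ == "__main__":
    for granted in ({"sim-swap:retrieve-date"}, {"sim-swap:check"}, {"sim-swap"}):
        print(sorted(granted), "->", which_endpoints(granted))
    print("merged entry, token has only sim-swap ->",
          security_allows(SUGGESTED_RETRIEVE_DATE, {"sim-swap"}))
```

Running it shows the point of the thread: with the PR's layout a token holding only `sim-swap` passes both operations, while with the merged single-entry layout that same token is rejected because `sim-swap:retrieve-date` is missing.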

Collaborator


Yes, I did more research and indeed you are right so we can proceed this way

tags:
- Retrieve SIM swap date
description: Get timestamp of last MSISDN <-> IMSI pairing change for a mobile user account provided with MSIDN.
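Review bot: The added `- openId:` entry is a second, separate security requirement object, so the list reads as "sim-swap:retrieve-date OR sim-swap", which is the wildcard behaviour the PR title describes; folding `sim-swap` into the existing `openId` entry, as the inline suggestion first proposed, would instead require both scopes in one token and defeat the purpose. Nothing in the YAML shown explains that `sim-swap` is the API-wide scope, so consider stating in the operation `description` (or the top-level API description) that `sim-swap:retrieve-date` is the minimal scope for this operation and `sim-swap` additionally grants it, so that clients requesting scopes know which one to ask for.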
Expand Down Expand Up @@ -113,6 +115,8 @@ paths:
security:
- openId:
- sim-swap:check
- openId:
- sim-swap
tags:
- Check SIM swap
description: Check if SIM swap has been performed during a past period
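Review bot: Same two-object OR structure as the retrieve-date hunk, which keeps the two operations consistent. Since a token carrying only `sim-swap` now satisfies both operations, the `description` here should likewise note that `sim-swap:check` remains the narrowest scope for this operation, so that API consumers are not steered toward requesting the broader wildcard when they only need the check.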