-
Notifications
You must be signed in to change notification settings - Fork 24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add API-Name aka wild-card scope #103
Conversation
Signed-off-by: Axel Nennker <[email protected]>
@AxelNennker after reading the related issue I think we should wait for ICM final decision before adding anything |
Hi @fernandopradocabrillo , hi @bigludo7 , I believe that "wildcard" and "purpose" were mixed together in ICM's purpose discussion because an example about "purpose" contained a wildcard scope.
Now we have "purpose" defined in Camara Security and Interoperability Profile. I think because scope guidlelines are in https://github.com/camaraproject/Commonalities/blob/main/documentation/API-design-guidelines.md#1161-scope-naming the "wild-card" or <API-Name> guideline should be there. I guess, if the SimSwap-WG wants to wait on scope guidelines then we should wait for Commonalities. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/LGTM
code/API_definitions/sim_swap.yaml
Outdated
- openId: | ||
- sim-swap:retrieve-date | ||
- openId: | ||
- sim-swap |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we don't need to repeat the "openId", we can just add it to the existing array
- openId: | |
- sim-swap:retrieve-date | |
- openId: | |
- sim-swap | |
- openId: | |
- sim-swap:retrieve-date | |
- sim-swap |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that two scopes mean that both scopes must be in the access token at the same time.
https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#security-requirement-object
If the security scheme is of type "oauth2" or "openIdConnect", then the value is a list of scope names required for the execution, ....
For example if the API has a scopes "write:pets" and "read:pets" then the "manage" endpoint requires both scopes, while the getById endpoint just needs "read:pets".
The way I proposed means: "one of the security objects must fit"
So, I think, that
- openId:
- sim-swap:retrieve-date
- openId:
- sim-swap
means that if the access token has scope sim-swap:retrieve-date then pass or if the access token has scope sim-swap then pass.
The client can thus request an access token with the scope sim-swap and the the AZ grants it. Then that access token has the scope sim-swap and the RS would let the API-request pass at both the two endpoints.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, I did more research and indeed you are right so we can proceed this way
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Good ! thanks @fernandopradocabrillo for the research. |
f1a3e28
Fixed MegaLinter issues
@fernandopradocabrillo I've fixed megalinter issues so review required :) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
done! and I won't charge you extra :) |
What type of PR is this?
Allow clients to request the scope
sim-swap
and get access to both sim-swap-check and sim-swap-dataWhat this PR does / why we need it:
Let the SimSwap subgroup define support for the wildcard scope
sim-swap
.See also: camaraproject/Commonalities#184 (comment)