-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Consolidate api information into yaml file #52
Consolidate api information into yaml file #52
Conversation
|
||
[GSMA Mobile Connect Account Takeover Protection specification](https://www.gsma.com/identity/wp-content/uploads/2022/12/IDY.24-Mobile-Connect-Account-Takeover-Protection-Definition-and-Technical-Requirements-v2.0.pdf) was used as source of input for this API. For more about Mobile Connect, please see [Mobile Connect website](https://mobileconnect.io/). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@fernandopradocabrillo I think we agreed to leave this reference in documentation... please change accordingly and do not delete this piece.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes @DT-DawidWroblewski It is still there, I moved it to the section Further info and support.
code/API_definitions/sim_swap.yaml
Outdated
@@ -35,13 +59,14 @@ paths: | |||
/retrieve-date: | |||
post: | |||
security: | |||
- oAuth2ClientCredentials: [] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what about countries where oauth2ClientCredentials is allowed? we should keep this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The idea that is being discuss in the commonalities Issue (camaraproject/Commonalities#53) is to encapsulate the Authorization flows into the .well-known file of the OIDC protocol. This does not mean that we removed the client_credentials grant type, it is just not explicitly described inside the securitySchemes
Edited
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd keep it to avoid confusion while reading the yaml file
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@DT-DawidWroblewski may I suggest you also raise your concern in the camaraproject/Commonalities#53 ? i think it is important to provide your feedback at this level as it will impact all API.
@fernandopradocabrillo probably better to wait Commonalities outcome on this PR before to apply no ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@bigludo7 yes I also think we can wait until the commonalities PR is merged. I was just advancing some work!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@DT-DawidWroblewski I retract this as I was not aware that it has been agreed in the discussions on Identity and Consent that resources that manage personal data cannot be accessed using client_credentials.
and:
camaraproject/IdentityAndConsentManagement#57
Any reference to other securitySchemes, such as client credentials, would generally be removed. Client credentials access (2-legged) must only be used "when user resource is NOT involved & the client belongs to confidential category".
code/API_definitions/sim_swap.yaml
Outdated
@@ -76,13 +104,14 @@ paths: | |||
/check: | |||
post: | |||
security: | |||
- oAuth2ClientCredentials: [] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what about countries where oauth2ClientCredentials is allowed? we should keep this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Idem
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
idem
code/API_definitions/sim_swap.yaml
Outdated
@@ -116,21 +148,9 @@ paths: | |||
$ref: "#/components/responses/Generic504" | |||
components: | |||
securitySchemes: | |||
oAuth2ClientCredentials: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we cannot delete this option as oauth2clientCredentials is an option that is available on many markets
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Idem
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
idem
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for that.
One question about the version - as you change code for scope & header should be still v4.1 or v4.2 or v5.0-wip?
I strongly propose to have two different PRs:
Doing it in one PR will make it complex and will block the independent changes. |
c9fed64
to
a9fe4c2
Compare
@hdamker @bigludo7 @DT-DawidWroblewski Updated this PR to only include the documentation in the yaml. I'll create a new one with then changes in the scopes, headers, etc |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Look good for me.
I'm fine for this one to keep same version as we just added documentation but probably in future update we should change the last didit version no?
it is ok. thanks @fernandopradocabrillo |
Yes, I have updated to v0.5.0-wip in the PR with the yaml changes. I don't know exactly what convention are we following in the versioning so I'm open to suggestions! |
What type of PR is this?
Add one of the following kinds:
What this PR does / why we need it:
check
is no longer the only operation available in the speccamara
since we no longer have MC versionswagger
referenceWhich issue(s) this PR fixes:
Fixes (#42)
Special notes for reviewers:
Issue #42 still has an open issue regarding the authorization flows to be implemented in the API, as we were waiting for a resolution in the discussions on Identity and Consent. This decission could lead to changes in the requests properties (Link to Mona's comment) so, if you are okey with it @bigludo7, @DT-DawidWroblewski, I suggest moving that topic to a new Issue and close #42 with the embeded documentation and the complete cleanup.
Changelog input
N/A
Additional documentation
N/A