On Fri, Aug 19, 2016 at 2:35 PM, Nuwan Dias <[email protected]> wrote:
>
>
> On Fri, Aug 19, 2016 at 1:40 PM, Sanjeewa Malalgoda <[email protected]>
> wrote:
>
>> The purpose of implementing the client tool is to ease the admins'/devops task.
>> If we think from the end user's point of view (API creator), the client tool does not help
>> much.
>> I don't believe usual API creators and publishers will use this client much.
>> If we need to let them export APIs then we should give them a UI option.
>>
>> So most of the time this will be used by system administrators and devops
>> people to move artifacts between environments. In such cases creating a new
>> application and embedding it to app would not be a problem. And also if
>> this is more of an admin tool then we can use other securing mechanisms such
>> as basic auth.
>>
>
> The import/export tool is a client side library which consumes the product
> REST APIs. Since the REST APIs are protected over OAuth I don't think using
> Basic Auth is an option.
>
Can we introduce new permission/s [1] and a scope? If a user has
these permissions, we should consider that user a sys-admin and allow them to
perform any of the REST API calls. At the same time, if the tool needs to be used
by a normal creator/publisher user, we can keep the logic Kaveesha
initially mentioned.
[1] API
|- import
|- export
Regards,
Dinusha.
>
>> Thanks,
>> sanjeewa.
>>
>> On Fri, Aug 19, 2016 at 12:07 PM, Kaveesha Perera <[email protected]>
>> wrote:
>>
>>> Hi all,
>>>
>>> Currently I'm working on a client side tool that consumes REST APIs for
>>> the API import/export feature of APIM (refer to my previous email labeled [1]).
>>> There the OAuth life cycle goes as follows.
>>>
>>> The user is asked to give an application name in the configuration file. Using
>>> that, the tool creates a client application by calling the DCR endpoint to obtain
>>> the consumer keys and consumer secrets required to generate tokens that are
>>> needed for import and export of APIs. In the case where the user didn't provide
>>> any application name, the tool's default name will be used for the above.
>>>
>>> If the application already exists and only if the user is the owner of
>>> that particular application, the consumer key and the consumer secret of the
>>> existing application will be returned by the DCR endpoint.
>>>
>>> If you have any feedback on this process please do reply.
>>>
>>> *[1] Facilitating Updating API with import/export tool in APIM *
>>>
>>> Regards,
>>> --
>>> Kaveesha Perera
>>> Intern - Software Engineering
>>>
>>> mobile: 0716130471
>>>
>>> _______________________________________________
>>> Architecture mailing list
>>> [email protected]
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>>>
>>
>>
>> --
>>
>> *Sanjeewa Malalgoda*
>> WSO2 Inc.
>> Mobile : +94713068779
>>
>> blog: http://sanjeewamalalgoda.blogspot.com/
>>
>>
>>
>>
>>
>
>
> --
> Nuwan Dias
>
> Software Architect - WSO2, Inc. http://wso2.com
> email : [email protected]
> Phone : +94 777 775 729
>
>
>
--
Dinusha Dilrukshi
Associate Technical Lead
WSO2 Inc.: http://wso2.com/
Mobile: +94725255071
Blog: http://dinushasblog.blogspot.com/
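
The flow discussed in this thread, as an added example that is not part of the original e-mails and is not WSO2 code: an in-memory model of the DCR owner check Kaveesha describes and of the permission-backed scopes Dinusha proposes. The scope names, the default application name and all class and function names are hypothetical.

```python
import secrets

# Hypothetical scope names mirroring the proposed permission tree API/import, API/export.
SCOPE_FOR_PERMISSION = {"API/import": "api_import", "API/export": "api_export"}
SCOPE_FOR_ACTION = {"import": "api_import", "export": "api_export"}


class DcrRegistry:
    """In-memory stand-in for a DCR endpoint (a model, not the product's code)."""

    def __init__(self):
        self._apps = {}  # application name -> (owner, consumer_key, consumer_secret)

    def register(self, user, app_name="import-export-tool-default"):  # placeholder default
        """Create the client application, or return its keys to its owner only."""
        existing = self._apps.get(app_name)
        if existing is None:
            creds = (secrets.token_urlsafe(16), secrets.token_urlsafe(32))
            self._apps[app_name] = (user, *creds)
            return creds
        owner, key, secret = existing
        if owner != user:
            # Knowing an application's name must not be enough to read its secret.
            raise PermissionError(f"{user!r} does not own application {app_name!r}")
        return key, secret


def grant_scopes(user_permissions, requested_scopes):
    """Issue only those requested scopes that the user's permissions back."""
    entitled = {SCOPE_FOR_PERMISSION[p] for p in user_permissions
                if p in SCOPE_FOR_PERMISSION}
    return set(requested_scopes) & entitled


def has_admin_access(action, token_scopes):
    """Sys-admin path: the token must carry the scope for this exact action."""
    required = SCOPE_FOR_ACTION.get(action)  # unknown actions are denied
    return required is not None and required in token_scopes


if __name__ == "__main__":
    dcr = DcrRegistry()
    first = dcr.register("admin1", "ci-migration")   # constructed sample names
    assert dcr.register("admin1", "ci-migration") == first
    token = grant_scopes({"API/import"}, ["api_import", "api_export"])
    print(sorted(token), has_admin_access("export", token))
```

A user who holds only API/import gets a token without the export scope even when the tool requests both, so the scope check on the REST API is what enforces the permission tree.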