Hi,

According to the current APIM 2.0 implementation, it supports Swagger 2.0 yet is using the old custom security definition *x-wso2-security*.

In Swagger 2.0 we can use a declaration of the security schemes as below.

    api_key:
      type: apiKey
      name: api_key
      in: header
    petstore_auth:
      type: oauth2
      authorizationUrl: http://swagger.io/api/oauth/dialog
      flow: implicit
      scopes:
        write:pets: modify pets in your account
        read:pets: read your pets

But this *does not have* the support for *roles* as we do in the custom security definition *x-wso2-security* as below.

    x-wso2-security:
      apim:
        x-wso2-scopes:
          - description: ""
            roles: admin
            name: apim:api_view
            key: apim:api_view

According to the current REST API scope validation implementation [1] it only validates scopes but not roles.

So for C5 what could be the definition to be supported?

I think we can drop *x-wso2-security* and stick to Swagger OOTB support, but again there should be a custom way to support roles.

Or shall we continue to use *x-wso2-security* until Swagger OOTB support for roles?

Appreciate your input on this.

[1] https://github.com/wso2/carbon-apimgt/blob/master/components/apimgt/org.wso2.carbon.apimgt.rest.api.util/src/main/java/org/wso2/carbon/apimgt/rest/api/util/impl/WebAppAuthenticatorImpl.java

Thanks & Regards,
Ishara Cooray
Senior Software Engineer
Mobile : +9477 262 9512
WSO2, Inc. | http://wso2.com/
Lean . Enterprise . Middleware
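An added example, not part of the original mail and not carbon-apimgt code: it reads the *x-wso2-security* block quoted above (written as JSON, which Swagger 2.0 also accepts) and contrasts a scope-only check with a check that also enforces the listed roles. The function names, the comma-separated reading of `roles`, and the deny-unknown-scope behaviour are assumptions made for illustration.

```python
import json

# Constructed sample: the x-wso2-security block from the mail, as JSON.
DEFINITION = json.loads("""
{
  "x-wso2-security": {
    "apim": {
      "x-wso2-scopes": [
        {"name": "apim:api_view", "key": "apim:api_view",
         "description": "", "roles": "admin"}
      ]
    }
  }
}
""")

def scope_roles(definition):
    """Map each scope key to the set of roles listed for it.
    Assumption: 'roles' is a comma-separated string; empty means unrestricted."""
    scopes = (definition.get("x-wso2-security", {})
                        .get("apim", {})
                        .get("x-wso2-scopes", []))
    mapping = {}
    for scope in scopes:
        raw = scope.get("roles", "") or ""
        mapping[scope["key"]] = {r.strip() for r in raw.split(",") if r.strip()}
    return mapping

def scope_only_check(required_scope, token_scopes):
    """Scope-only validation: the token must carry the required scope."""
    return required_scope in token_scopes

def scope_and_role_check(required_scope, token_scopes, user_roles, mapping):
    """Hypothetical stricter check: the scope must be defined, present in the
    token, and (where roles are listed) the caller must hold one of them."""
    if required_scope not in mapping:
        return False  # scope not declared in the definition: deny
    if required_scope not in token_scopes:
        return False
    allowed = mapping[required_scope]
    return not allowed or bool(allowed & set(user_roles))

if __name__ == "__main__":
    m = scope_roles(DEFINITION)
    token = {"apim:api_view"}
    print("scope only      :", scope_only_check("apim:api_view", token))
    print("subscriber role :", scope_and_role_check("apim:api_view", token, ["subscriber"], m))
    print("admin role      :", scope_and_role_check("apim:api_view", token, ["admin"], m))
```

A token carrying `apim:api_view` passes the scope-only check whatever the caller's roles are; the role-aware check accepts it only for a caller holding `admin`.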
