Actually we do not validate roles during the authentication/authorization process. If you look carefully at each and every resource you will see only the scope is there (roles are listed only at the top of the swagger file). The scope-to-role mapping will be stored in the /system/config/apimgt/applicationdata/tenant-conf.json file and checked while validating the scope (in the scopes validator). First check the identity server side token and scope validation, then we can decide what we can do from the APIM side.
Thanks, Sanjeewa.

On Mon, Nov 7, 2016 at 1:24 PM, Ishara Cooray <[email protected]> wrote:
> Hi,
>
> According to the current APIM 2.0 implementation it supports Swagger 2.0
> yet using the old custom security definition *x-wso2-security*.
> In Swagger 2.0 we can use a declaration of the security schemes as below.
>
> api_key:
>   type: apiKey
>   name: api_key
>   in: header
> petstore_auth:
>   type: oauth2
>   authorizationUrl: http://swagger.io/api/oauth/dialog
>   flow: implicit
>   scopes:
>     write:pets: modify pets in your account
>     read:pets: read your pets
>
> But this *does not have* the support for *roles* as we do in the custom
> security definition *x-wso2-security* as below.
>
> x-wso2-security:
>   apim:
>     x-wso2-scopes:
>       - description: ""
>         roles: admin
>         name: apim:api_view
>         key: apim:api_view
>
> According to the current REST API scope validation implementation [1] it
> only validates scopes but not roles.
>
> So for C5 what could be the definition to be supported?
> I think we can drop *x-wso2-security* and stick to Swagger OOTB support,
> but again there should be a custom way to support roles.
>
> Or shall we continue to use *x-wso2-security* until Swagger has OOTB support
> for roles?
>
> Appreciate your input on this.
>
> [1] https://github.com/wso2/carbon-apimgt/blob/master/components/apimgt/org.wso2.carbon.apimgt.rest.api.util/src/main/java/org/wso2/carbon/apimgt/rest/api/util/impl/WebAppAuthenticatorImpl.java
>
> Thanks & Regards,
> Ishara Cooray
> Senior Software Engineer
> Mobile : +9477 262 9512
> WSO2, Inc. | http://wso2.com/
> Lean . Enterprise . Middleware

--
*Sanjeewa Malalgoda*
WSO2 Inc.
Mobile : +94713068779
blog : http://sanjeewamalalgoda.blogspot.com/
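The check the thread is discussing, as an added example that is not part of the thread or of carbon-apimgt: a resource's Swagger security declaration names only scopes, the scope-to-role mapping comes from tenant-conf.json, and a request passes only if the token carries the scope and the user holds a role mapped to it. The JSON key names (RESTAPIScopes, Scope, Name, Roles), the resource table and all sample values are constructed assumptions for this example.

```python
import json

# Constructed stand-in for the scope-to-role mapping the email says lives in
# tenant-conf.json. The key layout is an assumption, not taken from the thread.
TENANT_CONF = json.loads("""
{
  "RESTAPIScopes": {
    "Scope": [
      {"Name": "apim:api_view",   "Roles": "admin,Internal/creator,Internal/publisher"},
      {"Name": "apim:api_create", "Roles": "admin,Internal/creator"}
    ]
  }
}
""")

# Constructed per-resource security declarations, mirroring a Swagger 2.0
# security requirement object: every listed scope is required, and the
# resource itself names no roles (which is the gap the thread points out).
SWAGGER_RESOURCES = {
    ("GET", "/apis"): ["apim:api_view"],
    ("POST", "/apis"): ["apim:api_create"],
    ("GET", "/swagger"): [],  # unsecured resource
}


def load_scope_roles(tenant_conf):
    """Return {scope_name: set(roles)} from the tenant-conf mapping."""
    mapping = {}
    for entry in tenant_conf["RESTAPIScopes"]["Scope"]:
        roles = {r.strip() for r in entry["Roles"].split(",") if r.strip()}
        mapping[entry["Name"]] = roles
    return mapping


def validate_request(method, path, token_scopes, user_roles, scope_roles):
    """Scope check (what the current validator does) plus the role check the
    thread says is missing. Returns (allowed, reason)."""
    required = SWAGGER_RESOURCES.get((method, path))
    if required is None:
        return False, "unknown resource"
    if not required:
        return True, "no security requirement on resource"
    token_scopes, user_roles = set(token_scopes), set(user_roles)
    for scope in required:
        if scope not in token_scopes:
            return False, f"token lacks scope {scope}"
        # A scope absent from tenant-conf maps to no roles, so it fails closed.
        if not (scope_roles.get(scope, set()) & user_roles):
            return False, f"user holds no role mapped to scope {scope}"
    return True, "scope and role checks passed"
```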
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
