Hi Ishara,

On Mon, Nov 7, 2016 at 1:24 PM, Ishara Cooray <[email protected]> wrote:

> Hi,
>
> According to the current APIM 2.0 implementation it supports Swagger 2.0,
> yet it uses the old custom security definition *x-wso2-security*.
> In Swagger 2.0 we can use a declaration of the security schemes as below.
>
>     api_key:
>       type: apiKey
>       name: api_key
>       in: header
>     petstore_auth:
>       type: oauth2
>       authorizationUrl: http://swagger.io/api/oauth/dialog
>       flow: implicit
>       scopes:
>         write:pets: modify pets in your account
>         read:pets: read your pets
>
> But this *does not have* support for *roles* as we do in the custom
> security definition *x-wso2-security*, as below.
>
>     x-wso2-security:
>       apim:
>         x-wso2-scopes:
>           - description: ""
>             roles: admin
>             name: apim:api_view
>             key: apim:api_view
>
> According to the current REST API scope validation implementation [1] it
> only validates scopes but not roles.

AFAIU we should do role validation at the time a user is getting an access
token for a particular scope by invoking the /token API? So at the REST API
level scope validation will be enough.

> So for C5 what could be the definition to be supported?
> I think we can drop *x-wso2-security* and stick to Swagger OOTB support,
> but again there should be a custom way to support roles.
>
> Or shall we continue to use *x-wso2-security* until Swagger has OOTB
> support for roles?
>
> Appreciate your input on this.
>
> [1] https://github.com/wso2/carbon-apimgt/blob/master/components/apimgt/org.wso2.carbon.apimgt.rest.api.util/src/main/java/org/wso2/carbon/apimgt/rest/api/util/impl/WebAppAuthenticatorImpl.java
>
> Thanks & Regards,
> Ishara Cooray
> Senior Software Engineer
> Mobile : +9477 262 9512
> WSO2, Inc. | http://wso2.com/
> Lean . Enterprise . Middleware
>
> _______________________________________________
> Architecture mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>

--
Malintha Amarasinghe
Software Engineer
*WSO2, Inc. - lean | enterprise | middleware*
http://wso2.com/
Mobile : +94 712383306
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
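The two-phase check proposed in the thread (roles enforced when a token is issued for a scope, scopes alone enforced at the REST API), as an added illustration that is not part of the thread or of the carbon-apimgt code. The Swagger document, the scope-to-role rules and the operation security requirements are constructed sample data; the fail-closed handling of scopes missing from x-wso2-scopes is an assumption of this example.

```python
"""Scope/role validation split as the thread proposes: roles at /token, scopes at the API."""
from typing import Dict, List, Set

# Constructed sample Swagger 2.0 fragment: the OOTB oauth2 definition plus the
# custom x-wso2-security extension that carries the role mapping per scope.
SWAGGER = {
    "securityDefinitions": {
        "petstore_auth": {
            "type": "oauth2", "flow": "implicit",
            "authorizationUrl": "http://swagger.io/api/oauth/dialog",
            "scopes": {"apim:api_view": "view APIs", "write:pets": "modify pets"},
        }
    },
    "x-wso2-security": {"apim": {"x-wso2-scopes": [
        {"name": "apim:api_view", "key": "apim:api_view", "roles": "admin", "description": ""},
        {"name": "write:pets", "key": "write:pets", "roles": "admin,petowner", "description": ""},
    ]}},
    "paths": {
        "/apis": {"get": {"security": [{"petstore_auth": ["apim:api_view"]}]}},
        "/pets": {"post": {"security": [{"petstore_auth": ["write:pets"]}]}},
    },
}

def scope_roles(swagger: dict) -> Dict[str, Set[str]]:
    """Map each x-wso2-scopes key to the set of roles allowed to obtain it."""
    scopes = swagger.get("x-wso2-security", {}).get("apim", {}).get("x-wso2-scopes", [])
    return {s["key"]: {r.strip() for r in s.get("roles", "").split(",") if r.strip()}
            for s in scopes}

def grant_scopes(swagger: dict, user_roles: Set[str], requested: List[str]) -> List[str]:
    """/token step: grant a requested scope only if the user holds one of its roles.
    Assumption: a scope with no x-wso2-scopes entry is denied (fail closed)."""
    rules = scope_roles(swagger)
    return [s for s in requested if s in rules and rules[s] & user_roles]

def required_scopes(swagger: dict, path: str, method: str) -> Set[str]:
    """Collect the scopes an operation's security requirement lists."""
    op = swagger["paths"][path][method.lower()]
    return {s for req in op.get("security", []) for scopes in req.values() for s in scopes}

def authorize(swagger: dict, token_scopes: Set[str], path: str, method: str) -> bool:
    """REST API step: scope-only check, since roles were enforced at issuance."""
    return required_scopes(swagger, path, method).issubset(token_scopes)

if __name__ == "__main__":
    token = set(grant_scopes(SWAGGER, {"petowner"}, ["apim:api_view", "write:pets"]))
    print(token, authorize(SWAGGER, token, "/apis", "GET"), authorize(SWAGGER, token, "/pets", "POST"))
```

A petowner token ends up with only write:pets, so it is rejected on GET /apis and accepted on POST /pets; an admin token would carry both scopes.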
