On Thu, Jun 29, 2017 at 12:20 PM, Harsha Kumara <[email protected]> wrote:
> > > On Thu, Jun 29, 2017 at 11:43 AM, Malintha Amarasinghe <[email protected] > > wrote: > >> Hi all, >> >> Bhathiya and I had a discussion about this and came up with the below >> approach regarding POST /provide-keys. >> >> 1.Creates a new resource in /keys collection providing the key type. >> (Similar to semi-manual client registration). >> >> POST /applications/{applicationId}/keys >> >> *Request:* >> >> POST /applications/876f8fd8-269a-41db-b1cf-e4efe8a8426d/keys >> >> { >> "consumerKey": "xxxxxxxxxxxxxxxxxxxx", >> "consumerSecret": "yyyyyyyyyyyyyyyyyyy", >> "keyType": "PRODUCTION" >> } >> >> *Response* >> >> HTTP/1.1 201 CREATED >> Location: https://localhost:9292/api/am/store/v1/applications/876f8fd8 >> -269a-41db-b1cf-e4efe8a8426d/keys/PRODUCTION >> >> { >> "consumerKey": "xxxxxxxxxxxxxxxxxx", >> "consumerSecret": "yyyyyyyyyyyyyyyyyyy", >> "supportedGrantTypes": [ >> "client-credentials", "password" >> ], >> "callbackUrl": "http://localhost/callback";, >> "keyType": "PRODUCTION" >> } >> >> Seems we are thinking keyType as a resource. We will need to add a > validation for keyType at implementation layer. +1 for the approach. > Yeah we will need a validation since the only allowed key types are PRODUCTION and SANDBOX. > >> 2. Get all keys >> >> GET /applications/{applicationId}/keys >> >> >> *Request:* >> >> GET /applications/876f8fd8-269a-41db-b1cf-e4efe8a8426d/keys >> >> >> *Response:* >> >> HTTP/1.1 200 OK >> { >> "count": 2, >> "items": [ >> >> { >> "consumerKey": "xxxxxxxxxxxxxxxxxx", >> "consumerSecret": "yyyyyyyyyyyyyyyyyyy", >> "supportedGrantTypes": [ >> "client-credentials", "password" >> ], >> "callbackUrl": "http://localhost/callback";, >> "keyType": "PRODUCTION" >> }, >> >> { >> "consumerKey": "xxxxxxxxxxxxxxxxxx", >> "consumerSecret": "yyyyyyyyyyyyyyyyyyy", >> "supportedGrantTypes": [ >> "client-credentials", "password" >> ], >> "callbackUrl": "http://localhost/callback";, >> "keyType": "SANDBOX" >> } >> >> ] >> } >> >> >> 3. Get a single key detail >> >> GET /applications/{applicationId}/keys/{keyType} >> >> *Request* >> >> GET /applications/876f8fd8-269a-41db-b1cf-e4efe8a8426d/keys/PRODUCTION >> >> >> *Response* >> >> HTTP/1.1 200 OK >> >> { >> "consumerKey": "xxxxxxxxxxxxxxxxxx", >> "consumerSecret": "yyyyyyyyyyyyyyyyyyy", >> "supportedGrantTypes": [ >> "client-credentials", "password" >> ], >> "callbackUrl": "http://localhost/callback";, >> "keyType": "PRODUCTION" >> } >> >> 4. Update a key >> >> PUT /applications/{applicationId}/keys/{keyType} >> >> *We will only allow updating supported grant types and callback URLs for >> individual keys.* >> >> *Request* >> >> PUT /applications/876f8fd8-269a-41db-b1cf-e4efe8a8426d/keys/PRODUCTION >> >> >> { >> "supportedGrantTypes": [ >> "client-credentials" >> ], >> "callbackUrl": "http://localhost/callback-updated";, >> } >> >> *Response:* >> >> HTTP/1.1 200 OK >> >> { >> "consumerKey": "xxxxxxxxxxxxxxxxxx", >> "consumerSecret": "yyyyyyyyyyyyyyyyyyy", >> "supportedGrantTypes": [ >> "client-credentials" >> ], >> "callbackUrl": "http://localhost/callback-updated";, >> "keyType": "PRODUCTION" >> } >> >> >> >> Thanks >> Malintha >> >> >> >> On Wed, Jun 28, 2017 at 1:37 PM, Bhathiya Jayasekara <[email protected]> >> wrote: >> >>> Hi all, >>> >>> As discussed in [1], I split generate keys operation into 2, and added >>> "provide-keys" operation for semi-manual client registration. Here is the >>> final list with sample requests and responses. >>> >>> >>> POST /applications/{applicationId}/generate-keys >>> >>> { >>> "keyType": "PRODUCTION", >>> "grantTypesToBeSupported": [ >>> "client-credentials", "password" >>> ], >>> "callbackUrl": "http://localhost/callback"} >>> >>> >>> Response >>> >>> { >>> "consumerKey": "xxxxxxxxxxxxxxxxxx", >>> "consumerSecret": "yyyyyyyyyyyyyyyyyyy", >>> "supportedGrantTypes": [ >>> "client-credentials", "password" >>> ], >>> "callbackUrl": "http://localhost/callback";, >>> "keyType": "PRODUCTION"} >>> >>> >>> >>> POST /applications/{applicationId}/provide-keys >>> >>> { >>> "consumerKey": "xxxxxxxxxxxxxxxxxxxx", >>> "consumerSecret": "yyyyyyyyyyyyyyyyyyy", >>> "keyType": "PRODUCTION"} >>> >>> >>> Response >>> >>> { >>> "consumerKey": "xxxxxxxxxxxxxxxxxx", >>> "consumerSecret": "yyyyyyyyyyyyyyyyyyy", >>> "supportedGrantTypes": [ >>> "client-credentials", "password" >>> ], >>> "callbackUrl": "http://localhost/callback";, >>> "keyType": "PRODUCTION"} >>> >>> >>> >>> POST /applications/{applicationId}/generate-tokens >>> >>> { >>> "consumerKey": "xxxxxxxxxxxxxxxxxxxxx", >>> "consumerSecret": "yyyyyyyyyyyyyyyyyyyyyy", >>> "validityPeriod": 3600, >>> "scopes": "read write delete", >>> "revokeToken": "zzzzzzzzzzzzzzzzzzzzz"} >>> >>> >>> Response >>> >>> { >>> "accessToken": "aaaaaaaaaaaaaaaaaaaaaaaaa", >>> "tokenScopes": "read write", >>> "validityTime": 3600} >>> >>> >>> >>> [1] [APIM][C5] Splitting "Generate Keys" operation in Store REST API >>> >>> Thanks, >>> -- >>> *Bhathiya Jayasekara* >>> *Associate Technical Lead,* >>> *WSO2 inc., http://wso2.com <http://wso2.com>* >>> >>> *Phone: +94715478185 <+94%2071%20547%208185>* >>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj >>> <http://www.linkedin.com/in/bhathiyaj>* >>> *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>* >>> *Blog: http://movingaheadblog.blogspot.com >>> <http://movingaheadblog.blogspot.com/>* >>> >> >> >> >> -- >> Malintha Amarasinghe >> Software Engineer >> *WSO2, Inc. - lean | enterprise | middleware* >> http://wso2.com/ >> >> Mobile : +94 712383306 <+94%2071%20238%203306> >> > > > > -- > Harsha Kumara > Software Engineer, WSO2 Inc. > Mobile: +94775505618 <+94%2077%20550%205618> > Blog:harshcreationz.blogspot.com > -- Malintha Amarasinghe Software Engineer *WSO2, Inc. - lean | enterprise | middleware* http://wso2.com/ Mobile : +94 712383306
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
