/generate-tokens should be /generate-token right? Because we're just generating 1 token.
On Thu, Jun 29, 2017 at 12:29 PM, Uvindra Dias Jayasinha <[email protected]> wrote: > +1, looks good > > On 29 June 2017 at 12:27, Malintha Amarasinghe <[email protected]> wrote: > >> >> >> On Thu, Jun 29, 2017 at 12:20 PM, Harsha Kumara <[email protected]> wrote: >> >>> >>> >>> On Thu, Jun 29, 2017 at 11:43 AM, Malintha Amarasinghe < >>> [email protected]> wrote: >>> >>>> Hi all, >>>> >>>> Bhathiya and I had a discussion about this and came up with the below >>>> approach regarding POST /provide-keys. >>>> >>>> 1.Creates a new resource in /keys collection providing the key type. >>>> (Similar to semi-manual client registration). >>>> >>>> POST /applications/{applicationId}/keys >>>> >>>> *Request:* >>>> >>>> POST /applications/876f8fd8-269a-41db-b1cf-e4efe8a8426d/keys >>>> >>>> { >>>> "consumerKey": "xxxxxxxxxxxxxxxxxxxx", >>>> "consumerSecret": "yyyyyyyyyyyyyyyyyyy", >>>> "keyType": "PRODUCTION" >>>> } >>>> >>>> *Response* >>>> >>>> HTTP/1.1 201 CREATED >>>> Location: https://localhost:9292/api/am/store/v1/applications/876f8fd8 >>>> -269a-41db-b1cf-e4efe8a8426d/keys/PRODUCTION >>>> >>>> { >>>> "consumerKey": "xxxxxxxxxxxxxxxxxx", >>>> "consumerSecret": "yyyyyyyyyyyyyyyyyyy", >>>> "supportedGrantTypes": [ >>>> "client-credentials", "password" >>>> ], >>>> "callbackUrl": "http://localhost/callback";, >>>> "keyType": "PRODUCTION" >>>> } >>>> >>>> Seems we are thinking keyType as a resource. We will need to add a >>> validation for keyType at implementation layer. +1 for the approach. >>> >> Yeah we will need a validation since the only allowed key types are >> PRODUCTION and SANDBOX. >> >>> >>>> 2. Get all keys >>>> >>>> GET /applications/{applicationId}/keys >>>> >>>> >>>> *Request:* >>>> >>>> GET /applications/876f8fd8-269a-41db-b1cf-e4efe8a8426d/keys >>>> >>>> >>>> *Response:* >>>> >>>> HTTP/1.1 200 OK >>>> { >>>> "count": 2, >>>> "items": [ >>>> >>>> { >>>> "consumerKey": "xxxxxxxxxxxxxxxxxx", >>>> "consumerSecret": "yyyyyyyyyyyyyyyyyyy", >>>> "supportedGrantTypes": [ >>>> "client-credentials", "password" >>>> ], >>>> "callbackUrl": "http://localhost/callback";, >>>> "keyType": "PRODUCTION" >>>> }, >>>> >>>> { >>>> "consumerKey": "xxxxxxxxxxxxxxxxxx", >>>> "consumerSecret": "yyyyyyyyyyyyyyyyyyy", >>>> "supportedGrantTypes": [ >>>> "client-credentials", "password" >>>> ], >>>> "callbackUrl": "http://localhost/callback";, >>>> "keyType": "SANDBOX" >>>> } >>>> >>>> ] >>>> } >>>> >>>> >>>> 3. Get a single key detail >>>> >>>> GET /applications/{applicationId}/keys/{keyType} >>>> >>>> *Request* >>>> >>>> GET /applications/876f8fd8-269a-41db-b1cf-e4efe8a8426d/keys/PRODUCTION >>>> >>>> >>>> *Response* >>>> >>>> HTTP/1.1 200 OK >>>> >>>> { >>>> "consumerKey": "xxxxxxxxxxxxxxxxxx", >>>> "consumerSecret": "yyyyyyyyyyyyyyyyyyy", >>>> "supportedGrantTypes": [ >>>> "client-credentials", "password" >>>> ], >>>> "callbackUrl": "http://localhost/callback";, >>>> "keyType": "PRODUCTION" >>>> } >>>> >>>> 4. Update a key >>>> >>>> PUT /applications/{applicationId}/keys/{keyType} >>>> >>>> *We will only allow updating supported grant types and callback URLs >>>> for individual keys.* >>>> >>>> *Request* >>>> >>>> PUT /applications/876f8fd8-269a-41db-b1cf-e4efe8a8426d/keys/PRODUCTION >>>> >>>> >>>> { >>>> "supportedGrantTypes": [ >>>> "client-credentials" >>>> ], >>>> "callbackUrl": "http://localhost/callback-updated";, >>>> } >>>> >>>> *Response:* >>>> >>>> HTTP/1.1 200 OK >>>> >>>> { >>>> "consumerKey": "xxxxxxxxxxxxxxxxxx", >>>> "consumerSecret": "yyyyyyyyyyyyyyyyyyy", >>>> "supportedGrantTypes": [ >>>> "client-credentials" >>>> ], >>>> "callbackUrl": "http://localhost/callback-updated";, >>>> "keyType": "PRODUCTION" >>>> } >>>> >>>> >>>> >>>> Thanks >>>> Malintha >>>> >>>> >>>> >>>> On Wed, Jun 28, 2017 at 1:37 PM, Bhathiya Jayasekara <[email protected] >>>> > wrote: >>>> >>>>> Hi all, >>>>> >>>>> As discussed in [1], I split generate keys operation into 2, and added >>>>> "provide-keys" operation for semi-manual client registration. Here is the >>>>> final list with sample requests and responses. >>>>> >>>>> >>>>> POST /applications/{applicationId}/generate-keys >>>>> >>>>> { >>>>> "keyType": "PRODUCTION", >>>>> "grantTypesToBeSupported": [ >>>>> "client-credentials", "password" >>>>> ], >>>>> "callbackUrl": "http://localhost/callback"} >>>>> >>>>> >>>>> Response >>>>> >>>>> { >>>>> "consumerKey": "xxxxxxxxxxxxxxxxxx", >>>>> "consumerSecret": "yyyyyyyyyyyyyyyyyyy", >>>>> "supportedGrantTypes": [ >>>>> "client-credentials", "password" >>>>> ], >>>>> "callbackUrl": "http://localhost/callback";, >>>>> "keyType": "PRODUCTION"} >>>>> >>>>> >>>>> >>>>> POST /applications/{applicationId}/provide-keys >>>>> >>>>> { >>>>> "consumerKey": "xxxxxxxxxxxxxxxxxxxx", >>>>> "consumerSecret": "yyyyyyyyyyyyyyyyyyy", >>>>> "keyType": "PRODUCTION"} >>>>> >>>>> >>>>> Response >>>>> >>>>> { >>>>> "consumerKey": "xxxxxxxxxxxxxxxxxx", >>>>> "consumerSecret": "yyyyyyyyyyyyyyyyyyy", >>>>> "supportedGrantTypes": [ >>>>> "client-credentials", "password" >>>>> ], >>>>> "callbackUrl": "http://localhost/callback";, >>>>> "keyType": "PRODUCTION"} >>>>> >>>>> >>>>> >>>>> POST /applications/{applicationId}/generate-tokens >>>>> >>>>> { >>>>> "consumerKey": "xxxxxxxxxxxxxxxxxxxxx", >>>>> "consumerSecret": "yyyyyyyyyyyyyyyyyyyyyy", >>>>> "validityPeriod": 3600, >>>>> "scopes": "read write delete", >>>>> "revokeToken": "zzzzzzzzzzzzzzzzzzzzz"} >>>>> >>>>> >>>>> Response >>>>> >>>>> { >>>>> "accessToken": "aaaaaaaaaaaaaaaaaaaaaaaaa", >>>>> "tokenScopes": "read write", >>>>> "validityTime": 3600} >>>>> >>>>> >>>>> >>>>> [1] [APIM][C5] Splitting "Generate Keys" operation in Store REST API >>>>> >>>>> Thanks, >>>>> -- >>>>> *Bhathiya Jayasekara* >>>>> *Associate Technical Lead,* >>>>> *WSO2 inc., http://wso2.com <http://wso2.com>* >>>>> >>>>> *Phone: +94715478185 <+94%2071%20547%208185>* >>>>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj >>>>> <http://www.linkedin.com/in/bhathiyaj>* >>>>> *Twitter: https://twitter.com/bhathiyax >>>>> <https://twitter.com/bhathiyax>* >>>>> *Blog: http://movingaheadblog.blogspot.com >>>>> <http://movingaheadblog.blogspot.com/>* >>>>> >>>> >>>> >>>> >>>> -- >>>> Malintha Amarasinghe >>>> Software Engineer >>>> *WSO2, Inc. - lean | enterprise | middleware* >>>> http://wso2.com/ >>>> >>>> Mobile : +94 712383306 <+94%2071%20238%203306> >>>> >>> >>> >>> >>> -- >>> Harsha Kumara >>> Software Engineer, WSO2 Inc. >>> Mobile: +94775505618 <+94%2077%20550%205618> >>> Blog:harshcreationz.blogspot.com >>> >> >> >> >> -- >> Malintha Amarasinghe >> Software Engineer >> *WSO2, Inc. - lean | enterprise | middleware* >> http://wso2.com/ >> >> Mobile : +94 712383306 <+94%2071%20238%203306> >> > > > > -- > Regards, > Uvindra > > Mobile: 777733962 > -- Nuwan Dias Software Architect - WSO2, Inc. http://wso2.com email : [email protected] Phone : +94 777 775 729
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
