Hi All,
We are going to develop Resource Registration Rest API for engaging Scope
for the resource. I had come up with below flow in order to do the above.
In Above Diagram for Store Scopes, we can do below two ways.
1. Store under swagger.json as security definition
2. Store In database schema.
If we are Storing in swagger we have following advantages and disadvantages.
*Advantages*
1. The scope can easily manage as we can assign the scopes to a resource
inside the swagger.
*Disadvantages*.
1. If we have lots of scopes for the API for getting the Details of the
scope we have to call the Resource Server Endpoint, therefore it may lead
to high network usage.
2. Swagger given by user get changed by injecting our set of properties.
I had come up with below set of resources to create scopes and assign scopes
1. /apis/{apiid}/scopes - post (add scope for api)
2. /apis/{apiid}/scopes - get (get All the scopes for api)
3. /apis/{apiid}/scopes/{name} - put update scope
4. /apis/{apiid}/scopes/{name} - delete scope
5. /apis/{apiid} - put (Apply scopes(add,update,delete) into resources)
6. /apis/{apiid} - get (get scopes applied to a resources)
Or We can do the below way as Reources are not consider as a sub resources
of the API
1. /api1/{apiid} - (get,put) These two operations used to add
scope,update scope,delete scope,assign scopes to resources.
Please let us know your Ideas on this.
Thanks
*Tharindu Dharmarathna*Senior Software Engineer
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
mobile: *+94779109091 <+94%2077%20910%209091>*
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
