Hi,

I think we need to keep the scope to role/permission mapping as well, which can't be kept in the swagger definition. We will need to keep that separately. Approach 1 looks good to me (having a separate /scope resource).

Thanks!

On Tue, Dec 5, 2017 at 8:50 AM, Viduranga Gunarathne <[email protected]> wrote:

> Hi Tharindu,
>
> +1 to keep the scopes in the Swagger definition.
>
> When we generate SDKs for APIs in APIM, swagger codegen generates
> authentication procedures (sample code + documentation) for the SDK only if
> there are security scopes in the swagger definition. This issue is there in
> API-M 210, because the swagger definition used to generate SDKs doesn't
> have security scopes [1].
>
> Also, does this allow having multiple scopes for a single resource?
>
> [1] Mail subject "(CLOUDPROD-483) [API cloud] Usability issues in store
> API SDKs"
>
> Thanks,
> Viduranga.
>
> On Tue, Dec 5, 2017 at 6:30 AM, roshan wijesena <[email protected]> wrote:
>
>> Tharindu,
>>
>> IMO, we should extend the key-manager interface for this implementation,
>> because there could be instances where some key managers do not support
>> resource registrations OOB.
>>
>> +1 for keeping scopes in swagger.
>>
>> Regards
>> Roshan.
>>
>> On Tue, Dec 5, 2017 at 7:15 AM, Tharindu Dharmarathna <[email protected]> wrote:
>>
>>> Hi All,
>>>
>>> We are going to develop a Resource Registration REST API for engaging
>>> scopes for the resource. I had come up with the below flow in order to do
>>> the above.
>>>
>>> In the above diagram, for storing scopes, we can do the below two ways.
>>>
>>> 1. Store under swagger.json as a security definition
>>> 2. Store in the database schema.
>>>
>>> If we are storing in swagger we have the following advantages and
>>> disadvantages.
>>>
>>> *Advantages*
>>>
>>> 1. The scope can easily be managed as we can assign the scopes to a
>>>    resource inside the swagger.
>>>
>>> *Disadvantages*
>>>
>>> 1. If we have lots of scopes for the API, for getting the details of the
>>>    scope we have to call the Resource Server endpoint, therefore it may
>>>    lead to high network usage.
>>> 2. The swagger given by the user gets changed by injecting our set of
>>>    properties.
>>>
>>> I had come up with the below set of resources to create scopes and assign
>>> scopes:
>>>
>>> 1. /apis/{apiid}/scopes - post (add scope for api)
>>> 2. /apis/{apiid}/scopes - get (get all the scopes for api)
>>> 3. /apis/{apiid}/scopes/{name} - put update scope
>>> 4. /apis/{apiid}/scopes/{name} - delete scope
>>> 5. /apis/{apiid} - put (apply scopes (add, update, delete) into
>>>    resources)
>>> 6. /apis/{apiid} - get (get scopes applied to a resource)
>>>
>>> Or we can do it the below way, as resources are not considered as sub
>>> resources of the API:
>>>
>>> 1. /api1/{apiid} - (get, put) These two operations are used to add scope,
>>>    update scope, delete scope, assign scopes to resources.
>>>
>>> Please let us know your ideas on this.
>>>
>>> Thanks
>>>
>>> *Tharindu Dharmarathna*
>>> Senior Software Engineer
>>> WSO2 Inc.; http://wso2.com
>>> lean.enterprise.middleware
>>>
>>> mobile: +94779109091
>>>
>>> _______________________________________________
>>> Architecture mailing list
>>> [email protected]
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
> --
> Regards,
>
> *Viduranga Gunarathne*
> *Software Engineer Intern*
>
> *WSO2*
> Email : [email protected]
> Mobile : +94712437484
> Web : http://wso2.com

--
Malintha Amarasinghe
*WSO2, Inc. - lean | enterprise | middleware*
http://wso2.com/
Mobile : +94 712383306
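
The storage option discussed in this thread, as an added example (not WSO2 API Manager code and not part of the original messages): scopes declared as a standard Swagger 2.0 security definition and attached to resources, with the scope to role mapping held outside the definition. The paths, scope names, roles, URL and helper functions are constructed for illustration, and denying operations that carry no security requirement is this example's own policy choice.

```python
# Constructed Swagger 2.0 fragment; every name and path here is an assumption.
SWAGGER = {
    "swagger": "2.0",
    "securityDefinitions": {
        "default": {
            "type": "oauth2", "flow": "implicit",
            "authorizationUrl": "https://idp.example.invalid/authorize",
            "scopes": {"orders:read": "Read orders", "orders:write": "Change orders"},
        }
    },
    "paths": {
        "/orders": {
            "get": {"security": [{"default": ["orders:read"]}]},
            # Multiple scopes on one resource: all scopes in one requirement are needed.
            "post": {"security": [{"default": ["orders:read", "orders:write"]}]},
        },
        # Uses a scope that securityDefinitions never declares.
        "/audit": {"get": {"security": [{"default": ["audit:read"]}]}},
    },
}

# Kept separately from the definition: roles that may be issued each scope.
SCOPE_ROLES = {"orders:read": {"clerk", "manager"}, "orders:write": {"manager"}}

def undeclared_scopes(doc):
    """Return (path, method, scope) for scopes used on a resource but not declared."""
    defs = doc.get("securityDefinitions", {})
    found = []
    for path, ops in doc.get("paths", {}).items():
        for method, op in ops.items():
            for req in op.get("security", []):
                for scheme, scopes in req.items():
                    declared = defs.get(scheme, {}).get("scopes", {})
                    found += [(path, method, s) for s in scopes if s not in declared]
    return found

def grantable_scopes(roles):
    """Scopes a user holding these roles may be issued, per the separate mapping."""
    return {s for s, allowed in SCOPE_ROLES.items() if allowed & set(roles)}

def is_allowed(doc, path, method, token_scopes):
    """Deny by default; at least one requirement object must be fully satisfied."""
    op = doc.get("paths", {}).get(path, {}).get(method)
    if op is None or not op.get("security"):
        return False
    return any(all(set(scopes) <= set(token_scopes) for scopes in req.values())
               for req in op["security"])
```

Running `undeclared_scopes` whenever a definition is saved catches resources that reference a scope nobody can be granted, which would otherwise fail closed at request time with no obvious cause.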
