Hi Chamila,

OpenID Connect [1] and the revoke API [2] are in our roadmap and we hope to ship them with APIM V3. We have not yet identified a requirement for /userinfo. As we go forward, we will review and include it in the roadmap as needed.

[1] https://github.com/wso2/carbon-auth/issues/42
[2] https://github.com/wso2/carbon-auth/issues/41

Thanks and regards

On Wed, Jan 10, 2018 at 9:14 PM, Chamila Adhikarinayake <[email protected]> wrote:

> Hi Malintha,
>
> Are we not providing an endpoint for /userinfo? Or are we not supporting
> OpenID Connect related stuff with this API? Also, the revoke API is not
> mentioned as well. Was it intentional?
>
> Chamila.
>
> On Wed, Jan 10, 2018 at 3:30 AM, Malintha Amarasinghe <[email protected]> wrote:
>
>> Thanks Bhathiya and Sanjeewa. +1 to remove the version from spec based
>> APIs.
>>
>> And +1 for */api/auth/oauth2/* instead of */api/auth/oauth/2.0*,
>>
>> As per the discussion I had with Sanjeewa, it was suggested to use
>> /oauth2 prefix for all the APIs which are based on an OAuth2 spec.
>>
>> Following are the updated paths to reflect all the changes discussed so
>> far.
>>
>> 1. Client Registration/Management REST API
>> /api/auth/oauth2/dcr
>>
>> 2. OAuth Token REST API
>> /api/auth/oauth2/token
>>
>> 3. OAuth Authorize REST API
>> /api/auth/oauth2/authorize
>>
>> 4. Token Introspection REST API
>> /api/auth/oauth2/introspect
>>
>> Scope registration API is not based on a spec so uses our conventional
>> way:
>>
>> 5. Scope Registration REST API
>> /api/auth/scope-registration/v1[.x]
>>
>> SCIM2; based on spec so no need of version.
>>
>> 6. SCIM REST API
>> /api/auth/scim2
>>
>> @All, Appreciate your thoughts.
>>
>> Thanks!
>> Malintha
>>
>> On Wed, Jan 10, 2018 at 12:51 PM, Bhathiya Jayasekara <[email protected]> wrote:
>>
>>> On Wed, Jan 10, 2018 at 12:39 PM, Sanjeewa Malalgoda <[email protected]> wrote:
>>>
>>>> When it comes to spec based API I think we do not need to worry about
>>>> versions. If we consider oauth2 then it will anyway support OAuth 2.0
>>>> and will not change API.
>>>> Underlying implementation can change but API will not change. So should
>>>> we need versions for them?
>>>>
>>>
>>> Malintha and I discussed the same thing a few days back. We thought of
>>> using */api/auth/oauth2/* (without a version). Our only concern was
>>> whether it is OK not to have a version in the URL. If that's not a concern
>>> I'm +1 for that.
>>>
>>> However, I prefer */api/auth/oauth2/* to */api/auth/oauth/2.0*, but
>>> that's just my personal preference.
>>>
>>> Thanks,
>>> Bhathiya
>>>
>>>> Any thoughts?
>>>>
>>>> Thanks,
>>>> sanjeewa.
>>>>
>>>> On Tue, Jan 9, 2018 at 2:31 PM, Chamin Dias <[email protected]> wrote:
>>>>
>>>>> Sorry, small correction in my previous mail - /oauth2/v1.0 should be
>>>>> oauth/v2.0
>>>>>
>>>>> On Tue, Jan 9, 2018 at 2:09 PM, Chamin Dias <[email protected]> wrote:
>>>>>
>>>>>> +1 for Malintha's suggestion. If we go with that, IMHO it is better
>>>>>> to use /oauth2/v1.0 format for this implementation.
>>>>>>
>>>>>> Thanks.
>>>>>>
>>>>>> On Tue, Jan 9, 2018 at 1:26 PM, Malintha Amarasinghe <[email protected]> wrote:
>>>>>>
>>>>>>> Hi Bhathiya,
>>>>>>>
>>>>>>> Usually, minor version increment means a backward compatible API
>>>>>>> change; e.g. adding a new API, adding a new attribute to an existing DTO
>>>>>>> which is not mandatory. As I believe, we only need to change the
>>>>>>> version of the API if we introduce some change such that the way
>>>>>>> clients use the API is also affected. If we do some performance
>>>>>>> improvement etc., we don't need to change the version IMHO.
>>>>>>>
>>>>>>> Thanks!
>>>>>>>
>>>>>>> On Tue, Jan 9, 2018 at 12:19 PM, Bhathiya Jayasekara <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hi Malintha,
>>>>>>>>
>>>>>>>> On Tue, Jan 9, 2018 at 11:54 AM, Malintha Amarasinghe <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> Hi Bhathiya/Chamila
>>>>>>>>>
>>>>>>>>> On Tue, Jan 9, 2018 at 1:44 AM, Chamila Adhikarinayake <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>>>> Should we use oauth2 and scim2 instead. Just an idea.
>>>>>>>>>>
>>>>>>>>>> +1. Seems like oauth/v1.0 is talking about an endpoint for
>>>>>>>>>> oauth v1.0 instead of OAuth 2.0
>>>>>>>>>>
>>>>>>>>> This is a good point, +1 for changing the base paths for scim2 and
>>>>>>>>> auth2 API. Yes, having /oauth/v1.0 and /scim/v1.0 seems wrong.
>>>>>>>>>
>>>>>>>>> @All,
>>>>>>>>>
>>>>>>>>> The version (vX.X) we have been using can be taken as the spec
>>>>>>>>> version as well. If we use /oauth2/v1.0 we are using two versions in
>>>>>>>>> the base paths.
>>>>>>>>>
>>>>>>>>> Let's say we released /oauth2/v1.0 today. Then I think there should
>>>>>>>>> never be a /oauth2/v1.1 or /oauth2/v2.0 in future. Because those
>>>>>>>>> version updates mean we have introduced API changes. But auth2 is a
>>>>>>>>> spec where we are not allowed to do API changes like that.
>>>>>>>>>
>>>>>>>>
>>>>>>>> Shouldn't we increase the minor version when there are
>>>>>>>> implementation changes? IMO we have to keep spec version and impl
>>>>>>>> version separate.
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Bhathiya
>>>>>>>>
>>>>>>>>>
>>>>>>>>> So our approach should be /oauth2/v1.0 OR /oauth/v2.0 ?
>>>>>>>>>
>>>>>>>>> Same goes for every API which already has a standard spec
>>>>>>>>> like SCIM, DCR, Introspection.
>>>>>>>>>
>>>>>>>>> Regarding having multiple implementations, I think we should try to
>>>>>>>>> minimize the amount of changes we are doing to the interfaces of
>>>>>>>>> existing IS API as much as possible. But there are a few things we
>>>>>>>>> may have to change like Sanjeewa mentioned. Between both default
>>>>>>>>> implementations (IS and carbon-auth) we need to reuse code as much
>>>>>>>>> as possible to minimise the maintenance overhead.
>>>>>>>>>
>>>>>>>>> Thanks!

--
Rukshan Chathuranga.
Software Engineer.
WSO2, Inc.
+94711822074
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
