Hi all,

Today we had a review meeting [1] to finalize the swagger API definition [2]. Please find the meeting notes below.

*Participants:*
+Thanuja Jayasinghe <[email protected]>
+Isura Karunaratne <[email protected]>
+Tharindu Bandara <[email protected]>

*Notes:*
- *[GET] : /me/associations*
  - This API returns a list of associated users. For an associated user, we would need the associated user's attributes. Therefore the possibility of retrieving user attributes requested via query params should be considered.
- *[DELETE] : /me/federated-associations/{id}, [DELETE] : /{user-id}/federated-associations/{id}, [DELETE] : /me/associations/{user-id}*
  - These new APIs will be added to support deleting a given association.
  - The *{id}* parameter in the above should be a UUID for a federated association. As of now, all the federated associations are stored in the "IDN_ASSOCIATED_ID" table, which does not have a unique identifier for an association. Therefore a new column will be added to the "IDN_ASSOCIATED_ID" table to hold a UUID for an association entry.
  - The *{user-id}* parameter in the above is the UUID of the user, which would be the same id as in the *GET /me/association* response.

[1] "Invitation: [Federated User Account Association REST APIs] API Review @ Wed Oct 30, 2019 4:30pm - 5:30pm (IST) (WSO2 Engineering Group)"
[2] https://app.swaggerhub.com/apis/WSO8/association/v1

Regards,
Tharindu.

On Wed, Oct 30, 2019 at 1:10 PM Tharindu Bandara <[email protected]> wrote:

> Hi Darshana,
>
>> Why do we need the,
>>
>> - [POST] : /{user-id}/federated-associations
>>
> The same API is available for the local account association. Now for the federated account scenario, we grant this capability to an admin user, as an admin API.
>
> We cannot provide a */me* API for this capability, as any user would be able to associate any federated account with his account. This was the concern raised earlier by +Isura Karunaratne <[email protected]>.
>
> The idea behind this approach is that as a privileged user, an admin is able to associate both local and *federated* accounts to a given user.
>
> Regards,
> Tharindu.
>
> On Wed, Oct 30, 2019 at 12:55 PM Darshana Gunawardana <[email protected]> wrote:
>
>> Hi Isura\Tharindu,
>>
>> Why do we need the,
>>>
>>> - [POST] : /{user-id}/federated-associations
>>>
>> Thanks,
>>
>> On Wed, Oct 30, 2019 at 10:00 AM Tharindu Bandara <[email protected]> wrote:
>>
>>> Hi Isura,
>>>
>>>> I think this API is not required. If this is supported, anyone can associate federated accounts without authentication. That can cause a security issue.
>>>
>>> +1. I will remove the [POST] : /me/federated-associations API.
>>>
>>> Regards,
>>> --
>>> *Tharindu Bandara*
>>> Senior Software Engineer | WSO2
>>>
>>> Email : [email protected]
>>> Mobile : +94 714221776
>>> web : http://wso2.com
>>>
>>> https://wso2.com/signature
>>
>> --
>> Regards,
>>
>> *Darshana Gunawardana* Technical Lead
>> WSO2 Inc.; http://wso2.com
>>
>> *E-mail: [email protected] <[email protected]>*
>> *Mobile: +94718566859*
>> Lean . Enterprise . Middleware
>
> --
> *Tharindu Bandara*
> Senior Software Engineer | WSO2
>
> Email : [email protected]
> Mobile : +94 714221776
> web : http://wso2.com
>
> https://wso2.com/signature

--
*Tharindu Bandara*
Senior Software Engineer | WSO2

Email : [email protected]
Mobile : +94 714221776
web : http://wso2.com

https://wso2.com/signature
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
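As an added example (not part of the thread, and not WSO2 Identity Server's own code), the two authorization rules the review settled on, modelled in Python: the self-service `POST /me/federated-associations` does not exist, `POST /{user-id}/federated-associations` is admin-only, and `DELETE /me/federated-associations/{id}` only removes an association whose new per-row UUID belongs to the caller, so an id owned by another user is indistinguishable from an unknown one. The `Principal`, `AssociationStore` and `handle` names, the in-memory store standing in for the IDN_ASSOCIATED_ID table, and the status codes are assumptions.

```python
import re
import uuid
from dataclasses import dataclass

@dataclass
class Principal:
    user_id: str
    is_admin: bool = False

@dataclass
class FederatedAssociation:
    id: str           # the new per-association UUID column on IDN_ASSOCIATED_ID
    user_id: str      # local user the association belongs to
    idp: str
    federated_id: str

class AssociationStore:
    """In-memory stand-in (assumption) for the IDN_ASSOCIATED_ID table."""
    def __init__(self):
        self._rows = {}

    def add(self, user_id, idp, federated_id):
        row = FederatedAssociation(str(uuid.uuid4()), user_id, idp, federated_id)
        self._rows[row.id] = row
        return row

    def delete_for_user(self, user_id, assoc_id):
        # Scope the lookup to the caller: a valid UUID owned by someone else
        # is reported exactly like an unknown one, so ids cannot be probed.
        row = self._rows.get(assoc_id)
        if row is None or row.user_id != user_id:
            return False
        del self._rows[assoc_id]
        return True

ADMIN_POST = re.compile(r"^/([^/]+)/federated-associations$")
ME_DELETE = re.compile(r"^/me/federated-associations/([^/]+)$")

def handle(store, caller, method, path, body=None):
    if method == "POST" and path == "/me/federated-associations":
        return 404  # dropped in review: no self-service federated linking
    m = ADMIN_POST.match(path)
    if method == "POST" and m:
        if not caller.is_admin:
            return 403  # only a privileged user may link an account to {user-id}
        store.add(m.group(1), body["idp"], body["federated_id"])
        return 201
    m = ME_DELETE.match(path)
    if method == "DELETE" and m:
        return 204 if store.delete_for_user(caller.user_id, m.group(1)) else 404
    return 404
```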
