Hi all,

We had an offline discussion today with +Ishara Karunarathna <[email protected]> +Malithi Edirisinghe <[email protected]> +Darshana Gunawardana <[email protected]> +Isura Karunaratne <[email protected]> +Tharindu Bandara <[email protected]>.

According to the discussion, it was decided that the */{user-id}/association* and */{user-id}/federated-association* POST requests are not needed for this API, as such a use case of allowing an admin user to associate a local/federated account with another is not needed. I will remove these admin APIs from the APIs[1].

[1] https://app.swaggerhub.com/apis/WSO8/association/v1

Thanks,
Tharindu.

On Wed, Oct 30, 2019 at 6:51 PM Tharindu Bandara <[email protected]> wrote:

> Hi all,
>
> Today we had a review meeting[1] to finalize the swagger API
> definition[2]. Please find the meeting notes below.
>
> *Participants:* +Thanuja Jayasinghe <[email protected]> +Isura Karunaratne
> <[email protected]> +Tharindu Bandara <[email protected]>
>
> *Notes:*
>
>    - *[GET] : /me/associations*
>       - This API returns a list of associated users. For an associated
>       user, we would need the associated user's attributes. Therefore the
>       possibility of retrieving user attributes requested via query params
>       should be considered.
>    - *[DELETE] : /me/federated-associations/{id}, [DELETE]
>    : /{user-id}/federated-associations/{id}, [DELETE]
>    : /me/associations/{user-id}*
>       - These new APIs will be added to support deleting a given association.
>       - The *{id}* parameter in the above should be a UUID for a
>       federated association. As of now, all the federated associations are
>       stored in the "IDN_ASSOCIATED_ID" table, which does not have a unique
>       identifier for an association. Therefore a new column will be added to
>       the table "IDN_ASSOCIATED_ID" to have a UUID for an association entry.
>       - The *{user-id}* parameter in the above is the UUID for the user,
>       which would be the same ID in the *GET /me/association* response.
>
> [1] "Invitation: [Federated User Account Association REST APIs] API Review
> @ Wed Oct 30, 2019 4:30pm - 5:30pm (IST) (WSO2 Engineering Group)"
> [2] https://app.swaggerhub.com/apis/WSO8/association/v1
>
> Regards,
> Tharindu.
>
> On Wed, Oct 30, 2019 at 1:10 PM Tharindu Bandara <[email protected]>
> wrote:
>
>> Hi Darshana,
>>
>> Why do we need the,
>>>
>>>    - [POST] : /{user-id}/federated-associations
>>>
>>> The same API is available for the local account association. Now for
>> the federated account scenario, we grant this capability to an admin user,
>> as an admin API.
>>
>> We cannot provide a */me* API for this capability, as any user would be
>> able to associate any federated account with his account. This was the
>> concern raised earlier by +Isura Karunaratne <[email protected]>.
>>
>> The idea behind this approach is as a privileged user, an admin is able
>> to associate both local and *federated* accounts to a given user.
>>
>> Regards,
>> Tharindu.
>>
>> On Wed, Oct 30, 2019 at 12:55 PM Darshana Gunawardana <[email protected]>
>> wrote:
>>
>>> Hi Isura\Tharindu,
>>>
>>> Why do we need the,
>>>>
>>>>    - [POST] : /{user-id}/federated-associations
>>>>
>>> Thanks,
>>>
>>> On Wed, Oct 30, 2019 at 10:00 AM Tharindu Bandara <[email protected]>
>>> wrote:
>>>
>>>> Hi Isura,
>>>>
>>>> I think this API is not required. If this is supported, anyone can
>>>>> associate federated accounts without authentication. That can cause a
>>>>> security issue.
>>>>>
>>>>
>>>> +1. I will remove the [POST] : /me/federated-associations API.
>>>>
>>>> Regards,
>>>> --
>>>> *Tharindu Bandara*
>>>> Senior Software Engineer | WSO2
>>>>
>>>> Email : [email protected]
>>>> Mobile : +94 714221776
>>>> web : http://wso2.com
>>>>
>>>> https://wso2.com/signature
>>>>
>>>
>>> --
>>> Regards,
>>>
>>> *Darshana Gunawardana*
>>> Technical Lead
>>> WSO2 Inc.; http://wso2.com
>>>
>>> *E-mail: [email protected] <[email protected]>*
>>> *Mobile: +94718566859*
>>> Lean . Enterprise . Middleware
>>>
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
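
An added example, not part of the thread and not WSO2's code: a minimal Python model of the delete endpoints from the meeting notes, where the `/me` path takes the owner from the authenticated session and the `/{user-id}` path requires an admin permission. The class, field and permission names are assumptions, and the rows are constructed in memory.

```python
import uuid
from dataclasses import dataclass


@dataclass(frozen=True)
class FederatedAssociation:
    id: str              # per-association UUID (the {id} path parameter)
    user_id: str         # UUID of the local user who owns the association
    idp: str
    federated_user: str


class Forbidden(Exception):
    pass


class NotFound(Exception):
    pass


ADMIN_PERMISSION = "association:admin"  # hypothetical permission name


class AssociationStore:
    def __init__(self):
        self._rows = {}

    def add(self, user_id, idp, federated_user):
        row = FederatedAssociation(str(uuid.uuid4()), user_id, idp, federated_user)
        self._rows[row.id] = row
        return row

    def list_for(self, user_id):
        return [r for r in self._rows.values() if r.user_id == user_id]

    def _owned_row(self, owner_id, assoc_id):
        row = self._rows.get(assoc_id)
        # Same error for "missing" and "owned by someone else", so the
        # endpoint does not reveal which association UUIDs exist.
        if row is None or row.user_id != owner_id:
            raise NotFound(assoc_id)
        return row

    def delete_me(self, caller_id, assoc_id):
        """DELETE /me/federated-associations/{id}: owner is the session user."""
        if caller_id is None:
            raise Forbidden("authentication required")
        del self._rows[self._owned_row(caller_id, assoc_id).id]

    def delete_for_user(self, caller_permissions, user_id, assoc_id):
        """DELETE /{user-id}/federated-associations/{id}: admin-only path."""
        if ADMIN_PERMISSION not in caller_permissions:
            raise Forbidden("admin permission required")
        del self._rows[self._owned_row(user_id, assoc_id).id]
```
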
