Hi Tharindu,

Currently we have the capability where an admin can link federated accounts
to local accounts using an admin service [1]. Does this mean that we are
going to not support this in the REST APIs?

Recently we did a POC for a prospect where we had to load the account
mappings to the association table. Does that mean going forward we can only
do this by directly writing the mappings to the database using a JDBC
client? I would prefer if we can include this capability via REST APIs, if
there is no strong reason not to support it.

[1] https://github.com/wso2/carbon-identity-framework/pull/1591

Regards,
Johann.

On Mon, Nov 4, 2019 at 6:09 PM Tharindu Bandara <tharin...@wso2.com> wrote:

> Hi all,
>
> We had an offline discussion today with +Ishara Karunarathna
> <isha...@wso2.com> +Malithi Edirisinghe <malit...@wso2.com> +Darshana
> Gunawardana <darsh...@wso2.com> +Isura Karunaratne <is...@wso2.com>  +Tharindu
> Bandara <tharin...@wso2.com> . According to the discussion, it was
> decided that the */{user-id}/association* and
> */{user-id}/federated-association* POST requests are not needed for this
> API, as such a use case of allowing an admin user to associate a
> local/federated account with another is not needed. I will remove these
> admin APIs from the APIs[1].
>
> [1] https://app.swaggerhub.com/apis/WSO8/association/v1
>
> Thanks,
> Tharindu.
>
> On Wed, Oct 30, 2019 at 6:51 PM Tharindu Bandara <tharin...@wso2.com>
> wrote:
>
>> Hi all,
>>
>> Today we had a review meeting[1] to finalize the swagger API
>> definition[2]. Please find the meeting notes below.
>>
>> *Participants:* +Thanuja Jayasinghe <than...@wso2.com> +Isura Karunaratne
>> <is...@wso2.com> +Tharindu Bandara <tharin...@wso2.com>
>>
>> *Notes:*
>>
>>    - *[GET] : /me/associations*
>>       - This API returns a list of associated users. For an associated
>>       user, we would need the associated user's attributes. Therefore the
>>       possibility of retrieving user attributes requested via query params
>>       should be considered.
>>    - *[DELETE] : /me/federated-associations/{id}, [DELETE]
>>    : /{user-id}/federated-associations/{id}, [DELETE]
>>    : /me/associations/{user-id}*
>>       - These new APIs will be added to support deleting a given
>>       association.
>>       - The *{id}* parameter in the above should be a UUID for a
>>       federated association. As of now, all the federated associations are
>>       stored in the "IDN_ASSOCIATED_ID" table, which does not have a unique
>>       identifier for an association. Therefore a new column will be added to
>>       the table "IDN_ASSOCIATED_ID" to have a UUID for an association entry.
>>       - The *{user-id}* parameter in the above is the UUID for the user,
>>       which would be the same Id in the *GET /me/association* response.
>>
>>
>> [1] "Invitation: [Federated User Account Association REST APIs] API
>> Review @ Wed Oct 30, 2019 4:30pm - 5:30pm (IST) (WSO2 Engineering Group)"
>> [2] https://app.swaggerhub.com/apis/WSO8/association/v1
>>
>> Regards,
>> Tharindu.
>>
>> On Wed, Oct 30, 2019 at 1:10 PM Tharindu Bandara <tharin...@wso2.com>
>> wrote:
>>
>>> Hi Darshana,
>>>
>>>> Why do we need the,
>>>>
>>>>    - [POST] : /{user-id}/federated-associations
>>>>
>>> The same API is available for the local account association. Now for
>>> the federated account scenario, we grant this capability to an admin user,
>>> as an admin API.
>>>
>>> We cannot provide a */me* API for this capability, as any user would be
>>> able to associate any federated account with his account. This was the
>>> concern raised earlier by +Isura Karunaratne <is...@wso2.com>.
>>>
>>> The idea behind this approach is that, as a privileged user, an admin is
>>> able to associate both local and *federated* accounts to a given user.
>>>
>>> Regards,
>>> Tharindu.
>>>
>>> On Wed, Oct 30, 2019 at 12:55 PM Darshana Gunawardana <darsh...@wso2.com>
>>> wrote:
>>>
>>>> Hi Isura\Tharindu,
>>>>
>>>> Why do we need the,
>>>>>
>>>>>
>>>>>    - [POST] : /{user-id}/federated-associations
>>>>>
>>>>>
>>>> Thanks,
>>>>
>>>> On Wed, Oct 30, 2019 at 10:00 AM Tharindu Bandara <tharin...@wso2.com>
>>>> wrote:
>>>>
>>>>> Hi Isura,
>>>>>
>>>>>> I think this API is not required. If this is supported, anyone can
>>>>>> associate federated accounts without authentication. That can cause a
>>>>>> security issue.
>>>>>>
>>>>>
>>>>> +1. I will remove the [POST] : /me/federated-associations API.
>>>>>
>>>>> Regards,
>>>>> --
>>>>> *Tharindu Bandara*
>>>>> Senior Software Engineer | WSO2
>>>>>
>>>>> Email : tharin...@wso2.com
>>>>> Mobile : +94 714221776
>>>>> web : http://wso2.com
>>>>>
>>>>> https://wso2.com/signature
>>>>>
>>>>
>>>>
>>>> --
>>>> Regards,
>>>>
>>>>
>>>> *Darshana Gunawardana*Technical Lead
>>>> WSO2 Inc.; http://wso2.com
>>>>
>>>> *E-mail: darsh...@wso2.com <darsh...@wso2.com>*
>>>> *Mobile: +94718566859*Lean . Enterprise . Middleware
>>>>
>>>
>>>
>>
>>
>
>


-- 
*Johann Dilantha Nallathamby* | Associate Director/Solutions Architect |
WSO2 Inc.
(m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) joh...@wso2.com
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
