Re: [Dev] [Architecture] Personal information export API

Now the problem is how these claims are returned. If you configure security questions for a user, when the user information is exported, below is the data sent with the current implementation. "basic":{ "http://wso2.org/claims/userid":"a42b7c0a-ae21-46c9-bb78-3bfeb8e7625c; ,

Re: [Dev] [Architecture] Personal information export API

Hi Maduranga, I consider anything related to user as PI. So security questions and answers also falls into this. We need to send these even if we keep them hashed (the hash value) Cheers, Ruwan On Fri, Feb 9, 2018 at 11:12 AM, Maduranga Siriwardena wrote: > Do we need to

Re: [Dev] [Architecture] Personal information export API

Do we need to add security related information of the user also to the response? For example the security questions configured by the user Thanks, On Thu, Feb 8, 2018 at 12:02 PM, Maduranga Siriwardena wrote: > Hi all, > > Based on the discussions had offline we did few

Re: [Dev] [Architecture] Personal information export API

Hi all, Based on the discussions had offline we did few changes to the api. We have come up with 3 endpoints. /api/identity/user/v1.0/me Get the personal information of authenticated user. /api/identity/user/v1.0/pi-info/{userId} Get the personal information of the user with the given id. Users

Re: [Dev] [Architecture] Personal information export API

On Wed, Jan 24, 2018 at 2:20 PM, Maduranga Siriwardena wrote: > If the user is in secondary userstore, fully qualified username contains > "/" character. But seems to be we can't send url encoded "/" characters > (%2F) in path parameters. We are evaluating possible solutions

Re: [Dev] [Architecture] Personal information export API

If the user is in secondary userstore, fully qualified username contains "/" character. But seems to be we can't send url encoded "/" characters (%2F) in path parameters. We are evaluating possible solutions for this. If this is not an option, we are planing to base 64 encode the username and then

Re: [Dev] [Architecture] Personal information export API

On Tue, Jan 23, 2018 at 10:35 AM, Omindu Rathnaweera wrote: > > Hi Maduranga, > > On Tue, Jan 23, 2018 at 10:23 AM, Maduranga Siriwardena < > madura...@wso2.com> wrote: > >> Hi all, >> >> Web app name we have come up for this endpoint is api#identity#user#v1.0 >> and the path

Re: [Dev] [Architecture] Personal information export API

Hi Maduranga, On Tue, Jan 23, 2018 at 10:23 AM, Maduranga Siriwardena wrote: > Hi all, > > Web app name we have come up for this endpoint is api#identity#user#v1.0 > and the path for the endpoint is /pi/users/{userId}. So the whole endpoint > would be > >- for super

Re: [Dev] [Architecture] Personal information export API

Hi all, Web app name we have come up for this endpoint is api#identity#user#v1.0 and the path for the endpoint is /pi/users/{userId}. So the whole endpoint would be - for super tenant, /api/identity/user/v1.0/pi/users/{userId} - for tenant,

Re: [Dev] [Architecture] Personal information export API

In a federated user scenario, we neither have user information nor email address of the user in a case if the user is not JIT. Hence we won't be able to share consents with user in an offline method. But still for federated users we need to maintain consents which we give out to SPs. We can

Re: [Dev] [Architecture] Personal information export API

Hi Hasintha, We do not need to export anything we do not keep in our databases. Could you please explain further if we need to do anything extra for Federated case. Cheers, Ruwan On Mon, Jan 22, 2018 at 5:33 PM, Hasintha Indrajee wrote: > Just a quick question. How are we

Re: [Dev] [Architecture] Personal information export API

Just a quick question. How are we going to cater consents for federated user ? Having consent from 3rd party IDP to IS will not be enough AFAIU. If we are sharing those information through an SP we need to maintain those consents as well. WDYT ? In that case how can federated users download their