On Fri, Aug 19, 2016 at 2:35 PM, Nuwan Dias <nuw...@wso2.com> wrote:
>
> On Fri, Aug 19, 2016 at 1:40 PM, Sanjeewa Malalgoda <sanje...@wso2.com>
> wrote:
>
>> The purpose of implementing client tool is to ease admins/DevOps task.
>> If we think of end user point of view (API creator) client tool do not help
>> much.
>> I don't believe usual API creator, publishers will use this client much.
>> If we need to let them to export API then we should give them UI option.
>>
>> So most of the time this will be used by system administrators and DevOps
>> people to move artifacts between environments. In such cases creating new
>> application and embedding it to app would not be a problem. And also if
>> this is more of admin tool then we can use other securing mechanisms such
>> as basic auth.
>>
>
> The import/export tool is a client side library which consumes the product
> REST APIs. Since the REST APIs are protected over OAuth I don't think using
> Basic Auth is an option.
>
Can we introduce a new permission/s [1] and a scope? If a user has these
permissions, we should consider that user a sys-admin and allow any of the
REST API calls. At the same time, if the tool needs to be used by a normal
creator/publisher user, we can keep the logic Kaveesha initially mentioned.

[1] API
     |- import
     |- export

Regards,
Dinusha.

>
>> Thanks,
>> sanjeewa.
>>
>> On Fri, Aug 19, 2016 at 12:07 PM, Kaveesha Perera <kavee...@wso2.com>
>> wrote:
>>
>>> Hi all,
>>>
>>> Currently I'm working on a client side tool that consumes REST APIs for
>>> API import/export feature of APIM (Refer to my previous email labeled [1]).
>>> There OAuth life cycle goes as follows.
>>>
>>> User asked to give an application name on the configuration file. Using
>>> that, tool create a client application calling DCR endpoint to obtain
>>> consumer keys and consumer secrets required to generate tokens that are
>>> needed for import and export of APIs. In the case where user didn't provide
>>> any application name, tool's default name will be used for the above.
>>>
>>> If the application already exists and only if the user is the owner of
>>> that particular application, consumer key and the consumer secret of the
>>> existing application will be returned by the DCR endpoint.
>>>
>>> If any feedback on this process please do reply.
>>>
>>> *[1] Facilitating Updating API with import/export tool in APIM *
>>>
>>> Regards,
>>> --
>>> Kaveesha Perera
>>> Intern - Software Engineering
>>>
>>> mobile: 0716130471
>>>
>>> _______________________________________________
>>> Architecture mailing list
>>> Architecture@wso2.org
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>>
>> --
>>
>> *Sanjeewa Malalgoda*
>> WSO2 Inc.
>> Mobile : +94713068779
>>
>> blog: http://sanjeewamalalgoda.blogspot.com/
>>
>
> --
> Nuwan Dias
>
> Software Architect - WSO2, Inc. http://wso2.com
> email : nuw...@wso2.com
> Phone : +94 777 775 729
>

--
Dinusha Dilrukshi
Associate Technical Lead
WSO2 Inc.: http://wso2.com/
Mobile: +94725255071
Blog: http://dinushasblog.blogspot.com/
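Added example, not part of the thread and not WSO2 code: an in-memory Python model of the registration flow Kaveesha describes (create the application, or return the existing keys only to its owner) combined with the permission-to-scope idea from the reply. The class, the default application name and the scope names are hypothetical, and mapping each permission to its own scope is an assumption.

```python
import secrets

DEFAULT_APP_NAME = "import_export_tool"  # hypothetical default application name
# Hypothetical mapping from the proposed API/import and API/export permissions to scopes
PERMISSION_SCOPES = {"API/import": "apim:api_import", "API/export": "apim:api_export"}


class AccessDenied(Exception):
    """Raised when credentials or ownership checks fail."""


class ToyDCR:
    """Model of the registration and token steps discussed in the thread."""

    def __init__(self, user_permissions):
        self.apps = {}  # application name -> (owner, consumer key, consumer secret)
        self.user_permissions = user_permissions

    def register(self, requester, app_name=None):
        name = app_name or DEFAULT_APP_NAME  # tool default when no name is configured
        if name in self.apps:
            owner, key, secret = self.apps[name]
            # Existing application: hand the keys back only to its owner.
            if owner != requester:
                raise AccessDenied(f"{requester} does not own {name}")
            return key, secret
        key, secret = secrets.token_hex(8), secrets.token_hex(16)
        self.apps[name] = (requester, key, secret)
        return key, secret

    def issue_token(self, user, key, secret, requested_scopes):
        app = next((a for a in self.apps.values() if a[1] == key), None)
        if app is None or not secrets.compare_digest(app[2], secret):
            raise AccessDenied("invalid client credentials")
        allowed = {PERMISSION_SCOPES[p]
                   for p in self.user_permissions.get(user, ())
                   if p in PERMISSION_SCOPES}
        # Scopes not covered by the user's permissions are dropped, never granted.
        granted = sorted(set(requested_scopes) & allowed)
        return {"access_token": secrets.token_urlsafe(16), "scope": granted}
```
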