On Fri, Aug 19, 2016 at 5:38 PM, Nuwan Dias <nuw...@wso2.com> wrote: > > > On Fri, Aug 19, 2016 at 5:20 PM, Dinusha Senanayaka <dinu...@wso2.com> > wrote: > >> >> >> On Fri, Aug 19, 2016 at 2:35 PM, Nuwan Dias <nuw...@wso2.com> wrote: >> >>> >>> >>> On Fri, Aug 19, 2016 at 1:40 PM, Sanjeewa Malalgoda <sanje...@wso2.com> >>> wrote: >>> >>>> The purpose of implementing client tool is to ease admins/devopts task. >>>> If we think of end user point of view(api creator) client tool do not help >>>> much. >>>> I don't believe usual API creator, publishers will use this client >>>> much. If we need to let them to export API then we should give them UI >>>> option. >>>> >>>> So most of the time this will be use by system administrators and >>>> devopts people to move artifacts between environments. In such cases >>>> creating new application and embedding it to app would not be a problem. >>>> And also if this is more of admin tool then we can use other securing >>>> mechanisms such as basic auth. >>>> >>> >>> The import/export tool is a client side library which consumes the >>> product REST APIs. Since the REST APIs are protected over OAuth I don't >>> think using Basic Auth is an option. >>> >> >> Can we introduce a new permission/s [1] and a scope. If user is having >> these permissions, which we should consider as a sys-admin and allow to >> perform any of the REST API calls. Same time, if the tool need to be used >> by normal creator/publisher user, we can keep the logic Kaveesha has >> initially mentioned. >> > > Sorry, I don't get the exact problem you're trying to solve. > > Let's say someone wants to import an API. What basically happens here is > that you're creating an API somewhere. In order to do that you need to have > the "creator" role (to get the required scope). So sys-admin or whoever, > as long as that person has the required permissions, can perform the import > function. Therefore what is the reason you would require to introduce a new > permission? >
This is as a part of what Sanjeewa has brought. Tool should be able to use as a admin tool (which might not be publisher/creator users). Anyway, yes it's just a new permission, no difference if we can add creator role. > >> [1] API >> |- import >> |- export >> >> >> Regards, >> Dinusha. >> >> >>> >>>> Thanks, >>>> sanjeewa. >>>> >>>> On Fri, Aug 19, 2016 at 12:07 PM, Kaveesha Perera <kavee...@wso2.com> >>>> wrote: >>>> >>>>> Hi all, >>>>> >>>>> Currently I'm working on a client side tool that consumes REST APIs >>>>> for API import/export feature of APIM (Refer to my previous email labeled >>>>> [1]). There OAuth life cycle goes as follows. >>>>> >>>>> User asked to give a application name on the configuration file.Using >>>>> that, tool create a client application calling DCR endpoint to obtain >>>>> consumer keys and consumer secretes required to generate tokens that are >>>>> needed for import and export of APIs. In the case where user didn't >>>>> provide >>>>> any application name, tool's default name will be used for the above. >>>>> >>>>> If the application already exists and only if the user is the owner of >>>>> that particular application, consumer key and the consumer secret of the >>>>> existing application will be returned by the DCR endpoint. >>>>> >>>>> If any feedback on this process please do reply. >>>>> >>>>> *[1] Facilitating Updating API with import/export tool in APIM * >>>>> >>>>> Regards, >>>>> -- >>>>> Kaveesha Perera >>>>> Intern - Software Engineering >>>>> >>>>> mobile: 0716130471 >>>>> >>>>> _______________________________________________ >>>>> Architecture mailing list >>>>> Architecture@wso2.org >>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>> >>>>> >>>> >>>> >>>> -- >>>> >>>> *Sanjeewa Malalgoda* >>>> WSO2 Inc. >>>> Mobile : +94713068779 >>>> >>>> <http://sanjeewamalalgoda.blogspot.com/>blog >>>> :http://sanjeewamalalgoda.blogspot.com/ >>>> <http://sanjeewamalalgoda.blogspot.com/> >>>> >>>> >>>> >>>> _______________________________________________ >>>> Architecture mailing list >>>> Architecture@wso2.org >>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>> >>>> >>> >>> >>> -- >>> Nuwan Dias >>> >>> Software Architect - WSO2, Inc. http://wso2.com >>> email : nuw...@wso2.com >>> Phone : +94 777 775 729 >>> >>> _______________________________________________ >>> Architecture mailing list >>> Architecture@wso2.org >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>> >>> >> >> >> -- >> Dinusha Dilrukshi >> Associate Technical Lead >> WSO2 Inc.: http://wso2.com/ >> Mobile: +94725255071 >> Blog: http://dinushasblog.blogspot.com/ >> >> _______________________________________________ >> Architecture mailing list >> Architecture@wso2.org >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > > -- > Nuwan Dias > > Software Architect - WSO2, Inc. http://wso2.com > email : nuw...@wso2.com > Phone : +94 777 775 729 > > _______________________________________________ > Architecture mailing list > Architecture@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Dinusha Dilrukshi Associate Technical Lead WSO2 Inc.: http://wso2.com/ Mobile: +94725255071 Blog: http://dinushasblog.blogspot.com/
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture