Thanks Bhathiya and Sanjeewa. +1 to remove the version from Spec based APIs.
And +1 for */api/auth/oauth2/ *instead of */api/auth/oauth/2.0*, As per the discussion I had with Sanjeewa, it was suggested to use /oauth2 prefix for all the APIs which are based on an OAuth2 spec. Following are the updated paths to reflect all the changes discussed so far. 1. Client Registration/Management REST API /api/auth/oauth2/dcr 2. OAuth Token REST API /api/auth/oauth2/token 3. OAuth Authorize REST API /api/auth/oauth2/authorize 4. Token Introspection REST API /api/auth/oauth2/introspect Scope registration API is not based on a spec so uses our conventional way: 5. Scope Registration REST API /api/auth/scope-registration/v1[.x] SCIM2; based on spec so no need of version. 6. SCIM REST API /api/auth/scim2 @All, Appreciate your thoughts. Thanks! Malintha On Wed, Jan 10, 2018 at 12:51 PM, Bhathiya Jayasekara <bhath...@wso2.com> wrote: > On Wed, Jan 10, 2018 at 12:39 PM, Sanjeewa Malalgoda <sanje...@wso2.com> > wrote: > >> When it comes to spec based API i think we do not need to worry about >> versions. If we consider oauth2 then it will be anyway support oauth 2.0 >> and will not change API. >> Underlying implementation can change but API will not change. So should >> we need versions for them? >> > > Malintha and I discussed the same thing a few days back. We thought of > using */api/auth/oauth2/* (without a version). Our only concern was that > is it ok to not to have a version in the URL. If that's not a concern I'm > +1 for that. > > However, I prefer */api/auth/oauth2/ *than */api/auth/oauth/2.0*, but > that's just my personal preference. > > Thanks, > Bhathiya > > >> Any thoughts? >> >> Thanks, >> sanjeewa. >> >> On Tue, Jan 9, 2018 at 2:31 PM, Chamin Dias <cham...@wso2.com> wrote: >> >>> Sorry, small correction in my previous mail - /oauth2/v1.0 should be >>> oauth/v2.0 >>> >>> On Tue, Jan 9, 2018 at 2:09 PM, Chamin Dias <cham...@wso2.com> wrote: >>> >>>> +1 for Malintha's suggestion. If we go with that, IMHO it is better to >>>> use /oauth2/v1.0 format for this implementation. >>>> >>>> Thanks. >>>> >>>> On Tue, Jan 9, 2018 at 1:26 PM, Malintha Amarasinghe < >>>> malint...@wso2.com> wrote: >>>> >>>>> Hi Bhathiya, >>>>> >>>>> Usually, minor version increment means a backward compatible API >>>>> change; eg: adding a new API, adding a new attribute to an existing DTO >>>>> which is not mandatory. As I believe, we only need to change the version >>>>> of >>>>> the API if we introduce some change that the way that clients uses the API >>>>> are also affected. If we do some performance improvement etc, we don't >>>>> need >>>>> to change the version IMHO. >>>>> >>>>> Thanks! >>>>> >>>>> On Tue, Jan 9, 2018 at 12:19 PM, Bhathiya Jayasekara < >>>>> bhath...@wso2.com> wrote: >>>>> >>>>>> Hi Malintha, >>>>>> >>>>>> On Tue, Jan 9, 2018 at 11:54 AM, Malintha Amarasinghe < >>>>>> malint...@wso2.com> wrote: >>>>>> >>>>>>> Hi Bhathiya/Chamila >>>>>>> >>>>>>> On Tue, Jan 9, 2018 at 1:44 AM, Chamila Adhikarinayake < >>>>>>> chami...@wso2.com> wrote: >>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> Should we use oauth2 and scim2 instead. Just an idea. >>>>>>>>> >>>>>>>> >>>>>>>> +1 . seems like oauth/v1.0 is taking about and endpoint for oauth >>>>>>>> v1.0 instead of OAuth 2.0 >>>>>>>> >>>>>>> This is a good point, +1 for changing the base paths for scim2 and >>>>>>> auth2 API. Yes, having /oauth/v1.0 and /scim/v1.0 seems wrong. >>>>>>> >>>>>>> @All, >>>>>>> >>>>>>> The version (vX.X) we have been using can be taken as the spec >>>>>>> version as well. If we use /oauth2/v1.0 we are using two versions in the >>>>>>> base paths. >>>>>>> >>>>>>> Lets say we released /oauth2/v1.0 today. Then I think there should >>>>>>> never be a /oauth2/v1.1 or /oauth2/v2.0 in future. Because those version >>>>>>> updates means we have introduced API changes. But auth2 is a spec where >>>>>>> we >>>>>>> are not allowed to do API changes like that. >>>>>>> >>>>>> >>>>>> Shouldn't we increase the minor version when there are implementation >>>>>> changes? IMO we have to keep spec version and impl version seperate. >>>>>> >>>>>> Thanks, >>>>>> Bhathiya >>>>>> >>>>>> >>>>>>> >>>>>>> So our approach should be /oauth2/v1.0 OR /oauth/v2.0 ? >>>>>>> >>>>>>> Same goes to every API which are already having a standard spec like >>>>>>> SCIM, DCR, Introspection. >>>>>>> >>>>>>> >>>>>>> Regarding having multiple implementation, I think we should try to >>>>>>> minimize the amount of changes we are doing to the interfaces of >>>>>>> existing >>>>>>> IS API as much as possible. But there are few things we may have to >>>>>>> change >>>>>>> like Sanjeewa mentioned. Between both default impelentations (IS and >>>>>>> carbon-auth) we need to re use code as much as possible to minimise the >>>>>>> maintainace overhead. >>>>>>> >>>>>>> Thanks! >>>>>>> >>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Regards, >>>>>>>> Chamila Adhikarinayake >>>>>>>> Senior Software Engineer >>>>>>>> WSO2, Inc. >>>>>>>> Mobile - +94712346437 <+94%2071%20234%206437> >>>>>>>> Email - chami...@wso2.com >>>>>>>> Blog - http://helpfromadhi.blogspot.com/ >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Malintha Amarasinghe >>>>>>> *WSO2, Inc. - lean | enterprise | middleware* >>>>>>> http://wso2.com/ >>>>>>> >>>>>>> Mobile : +94 712383306 <071%20238%203306> >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> *Bhathiya Jayasekara* >>>>>> *Associate Technical Lead,* >>>>>> *WSO2 inc., http://wso2.com <http://wso2.com>* >>>>>> >>>>>> *Phone: +94715478185 <+94%2071%20547%208185>* >>>>>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj >>>>>> <http://www.linkedin.com/in/bhathiyaj>* >>>>>> *Twitter: https://twitter.com/bhathiyax >>>>>> <https://twitter.com/bhathiyax>* >>>>>> *Blog: http://movingaheadblog.blogspot.com >>>>>> <http://movingaheadblog.blogspot.com/>* >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Malintha Amarasinghe >>>>> *WSO2, Inc. - lean | enterprise | middleware* >>>>> http://wso2.com/ >>>>> >>>>> Mobile : +94 712383306 <+94%2071%20238%203306> >>>>> >>>> >>>> >>>> >>>> -- >>>> Chamin Dias >>>> Mobile : 0716097455 <071%20609%207455> >>>> Email : cham...@wso2.com >>>> LinkedIn : https://www.linkedin.com/in/chamindias >>>> >>>> >>> >>> >>> -- >>> Chamin Dias >>> Mobile : 0716097455 <071%20609%207455> >>> Email : cham...@wso2.com >>> LinkedIn : https://www.linkedin.com/in/chamindias >>> >>> >> >> >> -- >> >> *Sanjeewa Malalgoda* >> WSO2 Inc. >> Mobile : +94713068779 <071%20306%208779> >> >> <http://sanjeewamalalgoda.blogspot.com/>blog >> :http://sanjeewamalalgoda.blogspot.com/ >> <http://sanjeewamalalgoda.blogspot.com/> >> >> >> > > > -- > *Bhathiya Jayasekara* > *Associate Technical Lead,* > *WSO2 inc., http://wso2.com <http://wso2.com>* > > *Phone: +94715478185 <+94%2071%20547%208185>* > *LinkedIn: http://www.linkedin.com/in/bhathiyaj > <http://www.linkedin.com/in/bhathiyaj>* > *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>* > *Blog: http://movingaheadblog.blogspot.com > <http://movingaheadblog.blogspot.com/>* > -- Malintha Amarasinghe *WSO2, Inc. - lean | enterprise | middleware* http://wso2.com/ Mobile : +94 712383306 <+94%2071%20238%203306>
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture