Hi Malintha, Are we not providing an endpoint for /userinfo ? Or are we not supporting openid connect related stuff with this api . Also revoke api is not mentioned as well. Was it intentional?
Chamila. On Wed, Jan 10, 2018 at 3:30 AM, Malintha Amarasinghe <malint...@wso2.com> wrote: > Thanks Bhathiya and Sanjeewa. +1 to remove the version from Spec based > APIs. > > And +1 for */api/auth/oauth2/ *instead of */api/auth/oauth/2.0*, > > As per the discussion I had with Sanjeewa, it was suggested to use /oauth2 > prefix for all the APIs which are based on an OAuth2 spec. > > Following are the updated paths to reflect all the changes discussed so > far. > > 1. Client Registration/Management REST API > /api/auth/oauth2/dcr > > 2. OAuth Token REST API > /api/auth/oauth2/token > > 3. OAuth Authorize REST API > /api/auth/oauth2/authorize > > 4. Token Introspection REST API > /api/auth/oauth2/introspect > > Scope registration API is not based on a spec so uses our conventional way: > > 5. Scope Registration REST API > /api/auth/scope-registration/v1[.x] > > SCIM2; based on spec so no need of version. > > 6. SCIM REST API > /api/auth/scim2 > > @All, Appreciate your thoughts. > > Thanks! > Malintha > > > > On Wed, Jan 10, 2018 at 12:51 PM, Bhathiya Jayasekara <bhath...@wso2.com> > wrote: > >> On Wed, Jan 10, 2018 at 12:39 PM, Sanjeewa Malalgoda <sanje...@wso2.com> >> wrote: >> >>> When it comes to spec based API i think we do not need to worry about >>> versions. If we consider oauth2 then it will be anyway support oauth 2.0 >>> and will not change API. >>> Underlying implementation can change but API will not change. So should >>> we need versions for them? >>> >> >> Malintha and I discussed the same thing a few days back. We thought of >> using */api/auth/oauth2/* (without a version). Our only concern was that >> is it ok to not to have a version in the URL. If that's not a concern I'm >> +1 for that. >> >> However, I prefer */api/auth/oauth2/ *than */api/auth/oauth/2.0*, but >> that's just my personal preference. >> >> Thanks, >> Bhathiya >> >> >>> Any thoughts? >>> >>> Thanks, >>> sanjeewa. >>> >>> On Tue, Jan 9, 2018 at 2:31 PM, Chamin Dias <cham...@wso2.com> wrote: >>> >>>> Sorry, small correction in my previous mail - /oauth2/v1.0 should be >>>> oauth/v2.0 >>>> >>>> On Tue, Jan 9, 2018 at 2:09 PM, Chamin Dias <cham...@wso2.com> wrote: >>>> >>>>> +1 for Malintha's suggestion. If we go with that, IMHO it is better to >>>>> use /oauth2/v1.0 format for this implementation. >>>>> >>>>> Thanks. >>>>> >>>>> On Tue, Jan 9, 2018 at 1:26 PM, Malintha Amarasinghe < >>>>> malint...@wso2.com> wrote: >>>>> >>>>>> Hi Bhathiya, >>>>>> >>>>>> Usually, minor version increment means a backward compatible API >>>>>> change; eg: adding a new API, adding a new attribute to an existing DTO >>>>>> which is not mandatory. As I believe, we only need to change the version >>>>>> of >>>>>> the API if we introduce some change that the way that clients uses the >>>>>> API >>>>>> are also affected. If we do some performance improvement etc, we don't >>>>>> need >>>>>> to change the version IMHO. >>>>>> >>>>>> Thanks! >>>>>> >>>>>> On Tue, Jan 9, 2018 at 12:19 PM, Bhathiya Jayasekara < >>>>>> bhath...@wso2.com> wrote: >>>>>> >>>>>>> Hi Malintha, >>>>>>> >>>>>>> On Tue, Jan 9, 2018 at 11:54 AM, Malintha Amarasinghe < >>>>>>> malint...@wso2.com> wrote: >>>>>>> >>>>>>>> Hi Bhathiya/Chamila >>>>>>>> >>>>>>>> On Tue, Jan 9, 2018 at 1:44 AM, Chamila Adhikarinayake < >>>>>>>> chami...@wso2.com> wrote: >>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>>> Should we use oauth2 and scim2 instead. Just an idea. >>>>>>>>>> >>>>>>>>> >>>>>>>>> +1 . seems like oauth/v1.0 is taking about and endpoint for >>>>>>>>> oauth v1.0 instead of OAuth 2.0 >>>>>>>>> >>>>>>>> This is a good point, +1 for changing the base paths for scim2 and >>>>>>>> auth2 API. Yes, having /oauth/v1.0 and /scim/v1.0 seems wrong. >>>>>>>> >>>>>>>> @All, >>>>>>>> >>>>>>>> The version (vX.X) we have been using can be taken as the spec >>>>>>>> version as well. If we use /oauth2/v1.0 we are using two versions in >>>>>>>> the >>>>>>>> base paths. >>>>>>>> >>>>>>>> Lets say we released /oauth2/v1.0 today. Then I think there should >>>>>>>> never be a /oauth2/v1.1 or /oauth2/v2.0 in future. Because those >>>>>>>> version >>>>>>>> updates means we have introduced API changes. But auth2 is a spec >>>>>>>> where we >>>>>>>> are not allowed to do API changes like that. >>>>>>>> >>>>>>> >>>>>>> Shouldn't we increase the minor version when there are >>>>>>> implementation changes? IMO we have to keep spec version and impl >>>>>>> version >>>>>>> seperate. >>>>>>> >>>>>>> Thanks, >>>>>>> Bhathiya >>>>>>> >>>>>>> >>>>>>>> >>>>>>>> So our approach should be /oauth2/v1.0 OR /oauth/v2.0 ? >>>>>>>> >>>>>>>> Same goes to every API which are already having a standard spec >>>>>>>> like SCIM, DCR, Introspection. >>>>>>>> >>>>>>>> >>>>>>>> Regarding having multiple implementation, I think we should try to >>>>>>>> minimize the amount of changes we are doing to the interfaces of >>>>>>>> existing >>>>>>>> IS API as much as possible. But there are few things we may have to >>>>>>>> change >>>>>>>> like Sanjeewa mentioned. Between both default impelentations (IS and >>>>>>>> carbon-auth) we need to re use code as much as possible to minimise the >>>>>>>> maintainace overhead. >>>>>>>> >>>>>>>> Thanks! >>>>>>>> >>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Regards, >>>>>>>>> Chamila Adhikarinayake >>>>>>>>> Senior Software Engineer >>>>>>>>> WSO2, Inc. >>>>>>>>> Mobile - +94712346437 <+94%2071%20234%206437> >>>>>>>>> Email - chami...@wso2.com >>>>>>>>> Blog - http://helpfromadhi.blogspot.com/ >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Malintha Amarasinghe >>>>>>>> *WSO2, Inc. - lean | enterprise | middleware* >>>>>>>> http://wso2.com/ >>>>>>>> >>>>>>>> Mobile : +94 712383306 <071%20238%203306> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> *Bhathiya Jayasekara* >>>>>>> *Associate Technical Lead,* >>>>>>> *WSO2 inc., http://wso2.com <http://wso2.com>* >>>>>>> >>>>>>> *Phone: +94715478185 <+94%2071%20547%208185>* >>>>>>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj >>>>>>> <http://www.linkedin.com/in/bhathiyaj>* >>>>>>> *Twitter: https://twitter.com/bhathiyax >>>>>>> <https://twitter.com/bhathiyax>* >>>>>>> *Blog: http://movingaheadblog.blogspot.com >>>>>>> <http://movingaheadblog.blogspot.com/>* >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Malintha Amarasinghe >>>>>> *WSO2, Inc. - lean | enterprise | middleware* >>>>>> http://wso2.com/ >>>>>> >>>>>> Mobile : +94 712383306 <+94%2071%20238%203306> >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Chamin Dias >>>>> Mobile : 0716097455 <071%20609%207455> >>>>> Email : cham...@wso2.com >>>>> LinkedIn : https://www.linkedin.com/in/chamindias >>>>> >>>>> >>>> >>>> >>>> -- >>>> Chamin Dias >>>> Mobile : 0716097455 <071%20609%207455> >>>> Email : cham...@wso2.com >>>> LinkedIn : https://www.linkedin.com/in/chamindias >>>> >>>> >>> >>> >>> -- >>> >>> *Sanjeewa Malalgoda* >>> WSO2 Inc. >>> Mobile : +94713068779 <071%20306%208779> >>> >>> <http://sanjeewamalalgoda.blogspot.com/>blog >>> :http://sanjeewamalalgoda.blogspot.com/ >>> <http://sanjeewamalalgoda.blogspot.com/> >>> >>> >>> >> >> >> -- >> *Bhathiya Jayasekara* >> *Associate Technical Lead,* >> *WSO2 inc., http://wso2.com <http://wso2.com>* >> >> *Phone: +94715478185 <+94%2071%20547%208185>* >> *LinkedIn: http://www.linkedin.com/in/bhathiyaj >> <http://www.linkedin.com/in/bhathiyaj>* >> *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>* >> *Blog: http://movingaheadblog.blogspot.com >> <http://movingaheadblog.blogspot.com/>* >> > > > > -- > Malintha Amarasinghe > *WSO2, Inc. - lean | enterprise | middleware* > http://wso2.com/ > > Mobile : +94 712383306 <+94%2071%20238%203306> > -- Regards, Chamila Adhikarinayake Senior Software Engineer WSO2, Inc. Mobile - +94712346437 Email - chami...@wso2.com Blog - http://helpfromadhi.blogspot.com/
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture