Hi all,

Based on the discussions we had offline, we made a few changes to the API. We have
come up with 3 endpoints.

/api/identity/user/v1.0/me
Get the personal information of authenticated user.

/api/identity/user/v1.0/pi-info/{userId}
Get the personal information of the user with the given id. Users with
"administrative" privileges can invoke this API. We need to decide what
level of authorization is needed for this operation.

/api/identity/user/v1.0/pi-info?username=xxxx
Get the user ids and usernames of the given username pattern. This might
not be implemented at the moment.

Thanks,
Maduranga.

On Wed, Jan 24, 2018 at 8:33 PM, Isura Karunaratne <is...@wso2.com> wrote:

>
>
> On Wed, Jan 24, 2018 at 2:20 PM, Maduranga Siriwardena <madura...@wso2.com
> > wrote:
>
>> If the user is in a secondary userstore, the fully qualified username contains
>> the "/" character. But it seems we can't send URL-encoded "/" characters
>> (%2F) in path parameters. We are evaluating possible solutions for this. If
>> this is not an option, we are planning to base 64 encode the username and
>> then URL encode it.
>>
>> We already have a web application with the name api#identity#user [1]. So we
>> are planning to use the same repository for this code also.
>>
>
> Yes. We can use the same application.
>
>>
>> [1] https://github.com/wso2-extensions/identity-governance/tree/v1.0.38/components/org.wso2.carbon.identity.user.endpoint
>>
>> Thanks,
>>
>> On Tue, Jan 23, 2018 at 10:40 AM, Maduranga Siriwardena <
>> madura...@wso2.com> wrote:
>>
>>>
>>>
>>> On Tue, Jan 23, 2018 at 10:35 AM, Omindu Rathnaweera <omi...@wso2.com>
>>> wrote:
>>>
>>>>
>>>> Hi Maduranga,
>>>>
>>>> On Tue, Jan 23, 2018 at 10:23 AM, Maduranga Siriwardena <
>>>> madura...@wso2.com> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> The web app name we have come up with for this endpoint
>>>>> is api#identity#user#v1.0 and the path for the endpoint is
>>>>> /pi/users/{userId}. So the whole endpoint would be
>>>>>
>>>>>    - for super tenant,
>>>>>
>>>>> /api/identity/user/v1.0/pi/users/{userId}
>>>>>
>>>>>
>>>>>    - for tenant,
>>>>>
>>>>> /t/{tenant-domain}/api/identity/user/v1.0/pi/users/{userId}
>>>>>
>>>>>
> IMO we can use the following format,
>
> /t/{tenant-domain}/api/identity/user/v1.0/pi-info/{id}
>
>
> Thanks
> Isura.
>
>>
>>>>> Our initial plan was to use the ID used in the Pseudonyms for username
>>>>> feature [1]. But as the ID used by the Pseudonyms for username feature is not
>>>>> available to the outside, we cannot use it here. The next option available to us
>>>>> is the ID used in SCIM. But as it is not mandatory to have a SCIM ID in the system
>>>>> (when SCIM is disabled), we cannot use this option either.
>>>>>
>>>>> Because of the above reasons, we are planning to use the base 64 encoded fully
>>>>> qualified username as the userId in the above request.
>>>>>
>>>>
>>>> Would like to know the rationale behind base64 encoding the username.
>>>> Also if it has to be b64 encoded for some reason then it should be base64
>>>> URL encoded I believe.
>>>>
>>>
>>> Yes this should be url encoding.
>>>
>>>>
>>>>
>>>>>
>>>>> Do you have any suggestions?
>>>>>
>>>>> [1] [Architecture] GDPR - Pseudonyms For Username
>>>>>
>>>>> Thanks,
>>>>>
>>>>> On Mon, Jan 22, 2018 at 5:52 PM, Hasintha Indrajee <hasin...@wso2.com>
>>>>> wrote:
>>>>>
>>>>>> In a federated user scenario, we have neither the user information nor the
>>>>>> email address of the user in the case where the user is not JIT. Hence we won't
>>>>>> be able to share consents with the user in an offline method. But still, for
>>>>>> federated users we need to maintain the consents which we give out to SPs. We
>>>>>> can process this offline and store it somewhere (consent info ready for
>>>>>> download). The way we share will depend. E.g., for the users who have emails
>>>>>> we can send them through an email (as a download link). If not, we can share
>>>>>> that information through another medium (e.g., user profile at a later
>>>>>> login).
>>>>>>
>>>>>> On Mon, Jan 22, 2018 at 5:40 PM, Ruwan Abeykoon <ruw...@wso2.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi Hasintha,
>>>>>>> We do not need to export anything we do not keep in our databases.
>>>>>>> Could you please explain further if we need to do anything extra for
>>>>>>> Federated case.
>>>>>>>
>>>>>>> Cheers,
>>>>>>> Ruwan
>>>>>>>
>>>>>>> On Mon, Jan 22, 2018 at 5:33 PM, Hasintha Indrajee <
>>>>>>> hasin...@wso2.com> wrote:
>>>>>>>
>>>>>>>> Just a quick question. How are we going to cater for consents for
>>>>>>>> federated users? Having consent from the 3rd party IDP to IS will not be enough
>>>>>>>> AFAIU. If we are sharing that information through an SP we need to
>>>>>>>> maintain those consents as well. WDYT?
>>>>>>>>
>>>>>>>> In that case how can federated users download their consents?
>>>>>>>>
>>>>>>>> On Mon, Jan 22, 2018 at 5:25 PM, Omindu Rathnaweera <
>>>>>>>> omi...@wso2.com> wrote:
>>>>>>>>
>>>>>>>>> Hi Maduranga,
>>>>>>>>>
>>>>>>>>> In the consent API we do not have the option to get multiple
>>>>>>>>> receipts; the API only returns a list of receipt IDs for a given search
>>>>>>>>> criteria. If you need to include receipt data of all the consent entries,
>>>>>>>>> you will have to iterate through all the consent IDs and fetch the
>>>>>>>>> individual receipts. Keep in mind that this will likely generate a
>>>>>>>>> payload of a considerable size.
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>> Omindu.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Mon, Jan 22, 2018 at 5:12 PM, Maduranga Siriwardena <
>>>>>>>>> madura...@wso2.com> wrote:
>>>>>>>>>
>>>>>>>>>> Hi all,
>>>>>>>>>>
>>>>>>>>>> We are creating a REST API to export user information for IS
>>>>>>>>>> 5.5.0.
>>>>>>>>>>
>>>>>>>>>> Swagger at [1] is the initial design of the API.
>>>>>>>>>>
>>>>>>>>>> In the initial phase we are allowing the data to be exported only
>>>>>>>>>> by the owner of the profile.
>>>>>>>>>>
>>>>>>>>>> At the moment we are planning to export basic user profile
>>>>>>>>>> information and the consents the user has given. The response JSON has 2 parts in
>>>>>>>>>> it.
>>>>>>>>>>
>>>>>>>>>>    - basic: this part will have the user's profile information
>>>>>>>>>>    (claims) in the wso2 dialect
>>>>>>>>>>    - consents: this part will have an array of consents the user has
>>>>>>>>>>    provided to the Identity Server. Though in the swagger it is represented
>>>>>>>>>>    with the ID of the consent receipt, the actual response will consist of the
>>>>>>>>>>    whole consent receipt. (Refer to mail thread [2] @
>>>>>>>>>>    architect...@wso2.org for more information)
>>>>>>>>>>
>>>>>>>>>> Below is a sample JSON response.
>>>>>>>>>>
>>>>>>>>>> {
>>>>>>>>>>   "basic": {
>>>>>>>>>>     "http://wso2.org/claims/userid": "92d6513e-f4ca-4438-b403-98380695ed08",
>>>>>>>>>>     "http://wso2.org/claims/username": "maduranga",
>>>>>>>>>>     "http://wso2.org/claims/givenname": "Maduranga",
>>>>>>>>>>     "http://wso2.org/claims/lastname": "Siriwardena",
>>>>>>>>>>     "http://wso2.org/claims/emailaddress": "madura...@wso2.com",
>>>>>>>>>>     "http://wso2.org/claims/telephone": "+94711111111"
>>>>>>>>>>   },
>>>>>>>>>>   "consents": [
>>>>>>>>>>     {
>>>>>>>>>>       "id": "bc53e7bd-013d-4020-b522-1915ada1f305"
>>>>>>>>>>     }
>>>>>>>>>>   ]
>>>>>>>>>> }
>>>>>>>>>>
>>>>>>>>>> Do you have any suggestions for additional types of information
>>>>>>>>>> to be included in the response?
>>>>>>>>>>
>>>>>>>>>> [1] https://app.swaggerhub.com/apis/Maduranga/PersonalInformationExport/1.0.0
>>>>>>>>>> [2] Consent Management APIs for IS 5.5.0
>>>>>>>>>>
>>>>>>>>>> Thanks,
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Maduranga Siriwardena
>>>>>>>>>> Senior Software Engineer
>>>>>>>>>> WSO2 Inc; http://wso2.com/
>>>>>>>>>>
>>>>>>>>>> Email: madura...@wso2.com
>>>>>>>>>> Mobile: +94718990591
>>>>>>>>>> Blog: https://madurangasiriwardena.wordpress.com/
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Omindu Rathnaweera
>>>>>>>>> Senior Software Engineer, WSO2 Inc.
>>>>>>>>> Mobile: +94 771 197 211
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Architecture mailing list
>>>>>>>>> architect...@wso2.org
>>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Hasintha Indrajee
>>>>>>>> WSO2, Inc.
>>>>>>>> Mobile: +94 771892453
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Dev mailing list
>>>>>>>> Dev@wso2.org
>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>> Thanks,
>>>> Omindu.
>>>>
>>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>>
>
>
> --
>
> *Isura Dilhara Karunaratne*
> Associate Technical Lead | WSO2
> Email: is...@wso2.com
> Mob : +94 772 254 810
> Blog : http://isurad.blogspot.com/
>
>
>
>
>
>


-- 
Maduranga Siriwardena
Senior Software Engineer
WSO2 Inc; http://wso2.com/

Email: madura...@wso2.com
Mobile: +94718990591
Blog: https://madurangasiriwardena.wordpress.com/
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
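
The userId handling discussed in this thread (base64 URL encoding of the fully qualified username, and owner-or-administrator access to /pi-info/{userId}), as an added example that is not part of the thread or of WSO2's code. The class and method names, the SECONDARY userstore domain, the PRIMARY/... callers and the boolean administrator flag are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added example, not WSO2 code: class and method names are hypothetical.
public class PiInfoUserId {

    // Fully qualified username -> userId that is safe in a path segment:
    // the URL-safe alphabet has no '/' or '+', and the '=' padding is dropped.
    static String encode(String fqUsername) {
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(fqUsername.getBytes(StandardCharsets.UTF_8));
    }

    // userId from the path -> fully qualified username. Rejects input outside
    // the base64url alphabet and non-canonical encodings of the same name.
    static String decode(String userId) {
        if (userId == null || !userId.matches("[A-Za-z0-9_-]{1,1024}")) {
            throw new IllegalArgumentException("userId is not base64url");
        }
        byte[] raw = Base64.getUrlDecoder().decode(userId); // throws on bad length
        String name = new String(raw, StandardCharsets.UTF_8);
        if (!encode(name).equals(userId)) {
            throw new IllegalArgumentException("userId is not canonical");
        }
        return name;
    }

    // Access decision for /pi-info/{userId}: the profile owner, or a caller with
    // administrative privileges (how that flag is derived is an assumption).
    static boolean mayExport(String caller, boolean callerIsAdmin, String userId) {
        String target;
        try {
            target = decode(userId);
        } catch (IllegalArgumentException e) {
            return false; // malformed id: deny, even for admins
        }
        return callerIsAdmin || target.equals(caller);
    }

    public static void main(String[] args) {
        String fq = "SECONDARY/maduranga"; // constructed sample value
        String id = encode(fq);
        System.out.println(id + " decodes to " + decode(id));
        System.out.println("owner: " + mayExport(fq, false, id));
        System.out.println("other user: " + mayExport("PRIMARY/other", false, id));
        System.out.println("admin: " + mayExport("PRIMARY/admin", true, id));
        System.out.println("bad id: " + mayExport("PRIMARY/admin", true, "SECONDARY%2Fmaduranga"));
    }
}
```

The canonical check means each username maps to exactly one accepted userId, so audit logs and any cache keyed on the path parameter cannot be split across alternative encodings of the same user.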
