Re: [Architecture] [APIM] Admin REST API to check user role existence

2020-05-05 Thread Malintha Amarasinghe
Dear Frank, Thank you for looking into this. On Tue, May 5, 2020 at 1:48 PM Frank Leymann wrote: > Dear Meruja, > > the URI of the second API (i.e. /me/roles/{roleName}) is really > debatable: the intent of the */me* part of the URI seems to be to > identify the logged-in user, and to me, such

Re: [Architecture] [APIM] Admin REST API to check user role existence

2020-05-05 Thread Thilini Shanika
On Tue, May 5, 2020 at 11:36 AM Vithursa Mahendrarajah wrote: > Hi Meruja, > > The Publisher REST APIs for role validation are used to check whether the given > role exists and the logged-in user has the given role. Here the role is > taken from the user input, AFAIU the requirement, in this case

Re: [Architecture] [APIM] Admin REST API to check user role existence

2020-05-05 Thread Shammi Jayasinghe
Hi, If we introduce this API in a way like we have [1] where we can get all the available roles of the given user, does it create a security risk (Anyway, this is an Admin API, right?). If we can get all the available roles, we can validate it at the client side in this case. At the same time, thi

Re: [Architecture] [APIM] Admin REST API to check user role existence

2020-05-05 Thread Frank Leymann
Dear Meruja, the URI of the second API (i.e. /me/roles/{roleName}) is really debatable: the intent of the */me* part of the URI seems to be to identify the logged-in user, and to me, such a user is a resource. I.e., I assume that a user is represented in APIM as a resource (but I didn't check the c