[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [OASIS Issue Tracker] (ODATA-1145) Align Authorization vocabulary with OpenAPI V3
[ https://issues.oasis-open.org/browse/ODATA-1145?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Michael Pizzo updated ODATA-1145:
---------------------------------
Proposal:
1) Add the following property to the Auth.Authorization complex type:
<Property Name="Name" Type="Edm.String">
<Annotation Term="Core.Description" String="Name that can be used to reference the authorization flow."/>
</Property>
2) Add the following new complex type to the Auth vocabulary:
<ComplexType Name="SecurityScheme">
<Property Name="AuthorizationSchemeName" Type="Edm.String">
<Annotation Term="Core.Description" String="The name of a required authorization scheme"/>
</Property>
<Property Name="RequiredScopes" Type="Collection(Edm.String">
<Annotation Term="Core.Description" String="The names of scopes required from this authorization scheme."/>
</Property>
<ComplexType>
3) Add the following property to the new HTTPRequest type proposed in ODATA-884:
<Property Name="SecuritySchemes" Type="Collection(Auth.SecurityScheme)">
<Annotation Term="Core.Description" String="At least one of the specified security schemes are required to make the request. This overrides any SecuritySchemes specified on the EntityContainer."/>
</Property>
4) Add the following term that can be applied to an EntityContainer.
<Term Name="SecuritySchemes" Type="Collection(Auth.SecurityScheme)" AppliesTo="EntityContainer">
<Annotation Term="Core.Description" String="At least one of the specified security schemes are required to make a request against the service."/>
</Term>
was:
1) Add the following property to the Auth.Authorization complex type:
<Property Name="Name" Type="Edm.String">
<Annotation Term="Core.Description" String="Name that can be used to reference the authorization flow."/>
</Property>
2) Add the following new complex type to the Auth vocabulary:
<ComplexType Name="SecurityScheme">
<Property Name="AuthorizationSchemeName" Type="Edm.String">
<Annotation Term="Core.Description" String="The name of a required authorization scheme"/>
</Property>
<Property Name="RequiredScopes" Type="Collection(Edm.String">
<Annotation Term="Core.Description" String="The names of scopes required from this authorization scheme."/>
</Property>
<ComplexType>
3) Add the following property to the new HTTPRequest type proposed in ODATA-884:
<Property Name="SecuritySchemes" Type="Collection(Auth.SecurityScheme)">
<Annotation Term="Core.Description" String="At least one of the specified security schemes are required to make the request."/>
</Property>
> Align Authorization vocabulary with OpenAPI V3
> ----------------------------------------------
>
> Key: ODATA-1145
> URL: https://issues.oasis-open.org/browse/ODATA-1145
> Project: OASIS Open Data Protocol (OData) TC
> Issue Type: Bug
> Components: Vocabularies
> Affects Versions: V4.01_CS01
> Environment: [Proposed]
> Reporter: Michael Pizzo
> Assignee: Michael Pizzo
> Fix For: V4.01_CS02
>
>
> Our Authorization vocabulary was defined based on Swagger V2.
> OpenAPI V3 changes slightly the way authorization is specified. In particular, it allows defining authorization flows, and then referencing those flows with a required set of scopes for a particular operation.
> OData-884 proposes adding the ability to specify the requests (and corresponding responses) associated with an entity set, singleton, etc. As part of this proposal, it makes sense to be able to associate particular flows and required scopes with those requests. This can be done by:
> 1) Adding a Name to the Authorization type in order to reference a particular authorization, and
> 2) Adding a "SecuritySchemes" property to the HTTPRequest type that is a collection of authorization/scope requirements for invoking this particular request.
--
This message was sent by Atlassian JIRA
(v6.2.2#6258)
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]