Fix issue #619 - Simplify usage of PrivateKeyJwtCredentials for event notification#633
Fix issue #619 - Simplify usage of PrivateKeyJwtCredentials for event notification#633patrice-conil wants to merge 8 commits into
Conversation
…sUri to PrivateKeyJWTCredential
patrice-conil
requested review from
PedroDiez,
bigludo7,
eric-murray,
jlurien and
rartych
as code owners
|
@patrice-conil Thanks for the proposal. |
…use in the CAMARA-API-Event-Subscription-and-Notification-Guide.md file and adds the new opt to the sequence diagram.
…uide.md Co-authored-by: Rafal Artych <121048129+rartych@users.noreply.github.com>
|
Probably the |
…implicit-events.yaml.
Thanks @rartych, |
…uide.md Co-authored-by: Rafal Artych <121048129+rartych@users.noreply.github.com>
|
Thanks @patrice-conil for quick reactions! |
…uide.md Co-authored-by: Rafal Artych <121048129+rartych@users.noreply.github.com>
|
@m-nahum Please review the changes (somehow I cannot add you to reviewers here) |
| pattern: ^https:\/\/.+$ | ||
| description: The address to which events shall be delivered using the selected protocol. | ||
| example: "https://endpoint.example.com/sink" | ||
| sinkCredential: |
There was a problem hiding this comment.
When renderizing it (e.g. via redocly), it appears as well ACCESSTOKEN option.
Maybe it is better to reference common sinkCredential schema in api-templates responses
(we decided to take out based on data minimization paradigm):
sinkCredential:
$ref: "../common/CAMARA_event_common.yaml#/components/schemas/sinkCredential"
and control somehow what is returned in case of ACCESSTOKEN option (in the same fashion as Rafal commented for PrivateKeyJWTCredential
Proposal - within "AccessTokenCredential" schema, make writeOnly:
- accessTokenType
- accessToken
So as an implementation that decides to return sinkCredential of ACCESSTOKEN (when settled) also provides accessTokenExpiresUtc (if it decides to not return sinkCredential, as per data minimization paradigm, no problem because it is API Consumer info).
In that way, i think makes it easier for validation tools and clearer for developers
Based on that, I can make/define alternative artifact tests to cover both approaches to make it clear for API implementations based on their decision in PR #626
There was a problem hiding this comment.
Thanks @PedroDiez,
Suggestions included in new commit
…uide.md Co-authored-by: Pedro Díez García <pedro.diezgarcia@telefonica.com>
… and accessToken writeOnly .
3 participants
Simplify usage of PrivateKeyJwtCredentials for event notification by adding clientId, tokenUri and jwksUri to PrivateKeyJwtCredentials
What type of PR is this?
What this PR does / why we need it:
By integrating all the necessary information into PrivateKeyJwtCredentials, it is no longer necessary to specify it via the Operate API. Parameter changes do not require any modification of the contractual data.
Which issue(s) this PR fixes:
Fixes #619
Does this PR introduce a breaking change?
Special notes for reviewers:
Changelog input
Additional documentation