Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add specification references for securitySchemes #1113

Merged
merged 2 commits into from
Jul 7, 2017
Merged

Add specification references for securitySchemes #1113

merged 2 commits into from
Jul 7, 2017

Conversation

MikeRalphson
Copy link
Member

@MikeRalphson MikeRalphson commented May 18, 2017
edited by darrelmiller
Loading

This is the first of two commits in response to the request in #1080 here to add reference links to the specifications of existing OAS3 security schemes. This PR does not depend on #1080 being merged.

Please check I have the right RFC for OpenId Connect - I went with the discovery specification, http://openid.net/specs/openid-connect-discovery-1_0.html

@webron webron requested a review from darrelmiller May 18, 2017 16:27
@RobDolinMS RobDolinMS added this to the v3.0.0-rc2 milestone May 19, 2017
@RobDolinMS RobDolinMS self-requested a review May 19, 2017 17:15
@RobDolinMS
Copy link
Contributor

#TDC: @RobDolinMS to reach-out to MSFT and GOOG contacts to get input on what is ideal to reference.

@RobDolinMS RobDolinMS self-assigned this May 19, 2017
@RobDolinMS
Copy link
Contributor

Per previous, I have reached-out to MSFT and GOOG contacts.
(CC'd @earth2marsh on the GOOG outreach)

WilliamDenniss
WilliamDenniss reviewed May 22, 2017
View reviewed changes
versions/3.0.md Outdated
@@ -3368,7 +3368,7 @@ animals:
#### <a name="securitySchemeObject"></a>Security Scheme Object

Allows the definition of a security scheme that can be used by the operations.
Supported schemes are HTTP authentication, an API key (either as a header or as a query parameter) and OAuth2's common flows (implicit, password, application and access code).
Supported schemes are HTTP authentication, an API key (either as a header or as a query parameter), OAuth2's common flows (implicit, password, application and access code) as defined in [RFC6749](https://tools.ietf.org/html/rfc6749), and [OpenID Connect](http://openid.net/specs/openid-connect-discovery-1_0.html).
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did you mean http://openid.net/specs/openid-connect-core-1_0.html not http://openid.net/specs/openid-connect-discovery-1_0.html?

@RobDolinMS
Copy link
Contributor

@MikeRalphson Would you please update the OpenID Connect reference per @WilliamDenniss's suggestion? At that point, this should be ready for #TDC to merge.

@MikeRalphson
Copy link
Member Author

@RobDolinMS done. Thanks @WilliamDenniss

WilliamDenniss
WilliamDenniss approved these changes May 23, 2017
View reviewed changes
Copy link

@WilliamDenniss WilliamDenniss left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@webron
Copy link
Member

webron commented May 24, 2017

@WilliamDenniss Thanks for taking the time to look into this.

A couple of questions, if you don't mind, as I'm completely clueless when it comes to OIC.

  • Our only field related to OIC definition is defined as such:
    openIdConnectUrl - OpenId Connect URL to discover OAuth2 configuration values. This MUST be in the form of a URL.
    Is the discovery URL described in the core or the discovery doc?
  • Do you know if the URL docs are 'fixed'? We've had issues in the past with websites updating URLs or content of URLs, breaking our links in the spec. Is there an alternative URL we should be using?

@darrelmiller darrelmiller self-assigned this Jun 1, 2017
@RobDolinMS RobDolinMS modified the milestones: v3.0.0-final, v3.0.0-rc2 Jun 15, 2017
@darrelmiller
Copy link
Member

I have resolved the conflict and changed the OpenId Connect Discovery link to point to the draft-06 of the document on the IETF site. The draft document has just passed Last Call so the chance of breaking changes are low. However, I still think it is better to point to a draft page that is guaranteed to be stable than a page on openid.net that may change over time. This is consistent with what we have done for references to JSON Schema.

Assuming there are no functional changes in the final version of the IETF RFC we can update the URL in a patch release of this spec.

@RobDolinMS
Copy link
Contributor

#TDC: No objections to pointing to IETF Draft (for now)

@RobDolinMS RobDolinMS merged commit 13ae045 into OAI:OpenAPI.next Jul 7, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@darrelmiller darrelmiller darrelmiller approved these changes

@WilliamDenniss WilliamDenniss WilliamDenniss approved these changes

@fehguy fehguy fehguy approved these changes

@webron webron webron approved these changes

@RobDolinMS RobDolinMS Awaiting requested review from RobDolinMS

Assignees

@MikeRalphson MikeRalphson

@darrelmiller darrelmiller

Labels
None yet
Projects
None yet
Milestone
v3.0.0-final
Development

Successfully merging this pull request may close these issues.
6 participants
@MikeRalphson @RobDolinMS @webron @darrelmiller @fehguy @WilliamDenniss