  1. OASIS Open Data Protocol (OData) TC
  2. ODATA-1145

Align Authorization vocabulary with OpenAPI V3


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: V4.01_CS01
    • Fix Version/s: V4.01_CS02
    • Component/s: Vocabularies
    • Labels:
      None
    • Environment:

      [Proposed]

    • Proposal:

      1) Add the following property to the Auth.Authorization complex type:

      <Property Name="Name" Type="Edm.String">
      <Annotation Term="Core.Description" String="Name that can be used to reference the authorization flow."/>
      </Property>

      2) Add the following new complex type to the Auth vocabulary:
      <ComplexType Name="SecurityScheme">
      <Property Name="AuthorizationSchemeName" Type="Edm.String">
      <Annotation Term="Core.Description" String="The name of a required authorization scheme"/>
      </Property>
      <Property Name="RequiredScopes" Type="Collection(Edm.String)">
      <Annotation Term="Core.Description" String="The names of scopes required from this authorization scheme."/>
      </Property>
      </ComplexType>

      3) Add the following property to the new HTTPRequest type proposed in ODATA-884:
      <Property Name="SecuritySchemes" Type="Collection(Auth.SecurityScheme)">
      <Annotation Term="Core.Description" String="At least one of the specified security schemes are required to make the request. This overrides any SecuritySchemes specified on the EntityContainer."/>
      </Property>

      4) Add the following term that can be applied to an EntityContainer.
      <Term Name="SecuritySchemes" Type="Collection(Auth.SecurityScheme)" AppliesTo="EntityContainer">
      <Annotation Term="Core.Description" String="At least one of the specified security schemes are required to make a request against the service."/>
      </Term>

    • Resolution:
      https://github.com/oasis-tcs/odata-vocabularies/pull/7

      Description

      Our Authorization vocabulary was defined based on Swagger V2.

      OpenAPI V3 changes slightly the way authorization is specified. In particular, it allows defining authorization flows, and then referencing those flows with a required set of scopes for a particular operation.

      OData-884 proposes adding the ability to specify the requests (and corresponding responses) associated with an entity set, singleton, etc. As part of this proposal, it makes sense to be able to associate particular flows and required scopes with those requests. This can be done by:
      1) Adding a Name to the Authorization type in order to reference a particular authorization, and
      2) Adding a "SecuritySchemes" property to the HTTPRequest type that is a collection of authorization/scope requirements for invoking this particular request.
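
The resolution rules in the proposal (a request-level SecuritySchemes collection overrides the EntityContainer one, at least one scheme must be satisfied, and each scheme carries its own RequiredScopes) can be checked as in the following added example, which is not part of the issue or of the OData vocabularies. Plain dicts stand in for parsed annotations, the scheme and scope names are constructed, and treating dangling scheme names and empty collections as a denial is an assumption of this sketch.

```python
# Added example: evaluates the SecuritySchemes semantics proposed in this issue.
# Plain dicts stand in for parsed annotations; all sample values are constructed.

def effective_schemes(container_schemes, request_schemes=None):
    """Request-level SecuritySchemes override the EntityContainer-level ones."""
    return container_schemes if request_schemes is None else request_schemes

def dangling_references(authorizations, schemes):
    """AuthorizationSchemeName values that match no Auth.Authorization Name."""
    declared = {a["Name"] for a in authorizations}
    return sorted({s["AuthorizationSchemeName"] for s in schemes} - declared)

def is_authorized(authorizations, schemes, granted):
    """granted maps an authorization Name to the set of scopes the caller holds.

    At least one scheme must be satisfied (OR across the collection); a scheme
    is satisfied only if every one of its RequiredScopes was granted (AND).
    Assumption: dangling references and empty collections fail closed.
    """
    if not schemes or dangling_references(authorizations, schemes):
        return False
    for s in schemes:
        name = s["AuthorizationSchemeName"]
        if name in granted and set(s.get("RequiredScopes", [])) <= granted[name]:
            return True
    return False

# Constructed sample: two named authorizations, a container default, one override.
AUTHORIZATIONS = [{"Name": "oauth_code"}, {"Name": "api_key"}]
CONTAINER = [
    {"AuthorizationSchemeName": "oauth_code", "RequiredScopes": ["read"]},
    {"AuthorizationSchemeName": "api_key", "RequiredScopes": []},
]
DELETE_REQUEST = [
    {"AuthorizationSchemeName": "oauth_code", "RequiredScopes": ["read", "write"]},
]

if __name__ == "__main__":
    caller = {"oauth_code": {"read"}}  # constructed caller holding only "read"
    read = effective_schemes(CONTAINER)
    delete = effective_schemes(CONTAINER, DELETE_REQUEST)
    print("read allowed:", is_authorized(AUTHORIZATIONS, read, caller))
    print("delete allowed:", is_authorized(AUTHORIZATIONS, delete, caller))
```

Running the dangling-reference check when the metadata document is published catches a misspelled AuthorizationSchemeName before clients start relying on it.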

            People

            • Assignee:
              mikep Michael Pizzo (Inactive)
              Reporter:
              mikep Michael Pizzo (Inactive)