You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Problem description
As discussed in Commonalities issue#171 & PR233 we need to shift the device object to optional.
Expected behavior
Apply the mechanism to rely on the access_token (not providing the device object in the API request) for 3-legged access scenarios. This would fix interoperability in all these scenarios, which is a huge improvement. We can define the device identifier as optional in the API specification and, if not provided, simply refer to access_tokehttps://github.com/camaraproject/Commonalities/pull/233n. The developer would simply not provide any further device information, which is simpler. The operator does not need to check that the device identifier actually matches the access_token provided and could simply rely on the access_token itself.
Alternative solution
Additional context
The text was updated successfully, but these errors were encountered:
Hi @bigludo7, is this also required for the subscription-APIs?
Fair question !
The subscription will be handled by 3-legs so I guess getting the phone number via the access token is perfectly valid... consequently the phone number could be optional.
So regarding your question for me Yes
To simplify our work we can probably craft 2 PR: one under your name for the 2 subscriptions yaml and one for me for the 2 other APIs. Works for you?
Problem description
As discussed in Commonalities issue#171 & PR233 we need to shift the
device
object to optional.Expected behavior
Apply the mechanism to rely on the access_token (not providing the device object in the API request) for 3-legged access scenarios. This would fix interoperability in all these scenarios, which is a huge improvement. We can define the device identifier as optional in the API specification and, if not provided, simply refer to access_tokehttps://github.com/camaraproject/Commonalities/pull/233n. The developer would simply not provide any further device information, which is simpler. The operator does not need to check that the device identifier actually matches the access_token provided and could simply rely on the access_token itself.
Alternative solution
Additional context
The text was updated successfully, but these errors were encountered: