adding MC ATP yaml #8
Conversation
This openapi definition is incorrect, you need to check semantic and syntax errors using https://editor.swagger.io/.
For example in schemas you need to group the "required" attribute in a separate section.

```yaml
atpTimestamp:
  type: object
  properties:
    simChange:
      type: string
      required: true
      example: 'simChange: 2022-12-06'
    isUncontidionalCallDivertActive:
      type: string
      required: false
```

should be

```yaml
atpTimestamp:
  type: object
  properties:
    simChange:
      type: string
      example: 'simChange: 2022-12-06'
    isUncontidionalCallDivertActive:
      type: string
  required:
    - simChange
```

I can help to fix these issues.
I made a quick review with some comments for your consideration.
You can also check these errors at https://editor.swagger.io/#/:

```text
Semantic error at security.0
Security requirements must match a security definition
Jump to line 118
Semantic error at security.1
Security requirements must match a security definition
Jump to line 119
```
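The two defects raised in this review (a boolean `required` nested inside a property, and `security` entries that name schemes absent from `components.securitySchemes`) can be caught before pasting the file into the Swagger editor. The checker below is an added example, not code from the SimSwap project; the `SAMPLE_SPEC` document is constructed here to reproduce both problems, and it also flags a `required` list that names a property the schema does not define.

```python
"""Lint an OpenAPI 3 document for the two semantic errors raised in this review."""
from typing import Any

# Constructed sample (not the project's MC_ATP.yaml) reproducing both defects.
SAMPLE_SPEC: dict[str, Any] = {
    "openapi": "3.0.0",
    "security": [{"oauth2": ["mc_atp"]}, {"bearerAuth": []}],
    "components": {
        "securitySchemes": {},  # nothing declared, so both entries above dangle
        "schemas": {
            "atpTimestamp": {
                "type": "object",
                "required": ["simSwap"],  # names a property that does not exist
                "properties": {
                    "simChange": {"type": "string", "required": True},
                    "isUncontidionalCallDivertActive": {"type": "string"},
                },
            }
        },
    },
}

def check_required(schema: dict, path: str, findings: list[str]) -> None:
    """OpenAPI 3 keeps `required` as a list of names on the object schema; a boolean
    on a property is the Swagger 2 idiom the editor rejects. Recurses into properties."""
    req = schema.get("required")
    props = schema.get("properties", {})
    if isinstance(req, bool):
        findings.append(f"{path}: boolean 'required' belongs in the parent's required list")
    elif isinstance(req, list):
        findings.extend(f"{path}: required names unknown property '{n}'" for n in req if n not in props)
    for name, prop in props.items():
        if isinstance(prop, dict):
            check_required(prop, f"{path}.properties.{name}", findings)

def check_security(spec: dict, findings: list[str]) -> None:
    """Each scheme named in the global `security` list must exist in components.securitySchemes."""
    declared = set(spec.get("components", {}).get("securitySchemes", {}))
    for i, requirement in enumerate(spec.get("security", [])):
        for scheme in requirement:
            if scheme not in declared:
                findings.append(f"security.{i}: '{scheme}' must match a security definition")

def lint(spec: dict) -> list[str]:
    findings: list[str] = []
    for name, schema in spec.get("components", {}).get("schemas", {}).items():
        check_required(schema, f"components.schemas.{name}", findings)
    check_security(spec, findings)
    return findings
```

Running `lint(SAMPLE_SPEC)` reports four findings; a document with a proper `required` list and a declared `oauth2` scheme returns an empty list.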
```yaml
tags:
  - name: Mobile Connect ATP
paths:
  /token:
```
/token endpoint is part of the authentication flow and should not be here. All paths in this yaml file are supposed to have a common server and base path, so implementation could not have distinct servers for /token and other resources
In CAMARA numberVerify proposal we have endpoints for /authorize & /token. We should have the same pattern everywhere.
As this proposal is based on MC I'm fine with these endpoints but probably we could add a comment to indicate that they could be on a distinct server as mentioned by @jlurien
BTW, @jlurien in QoD API we have in the same swagger both /sessions & notifications and they will not be implemented on the same server.
Should we leave this comment inside the swagger or in the MD file?
I would document it in both. Problems with the yaml may arise when some client library tries to generate code directly from the yaml definition. We should be more careful with these aspects across all APIs when final v1 versions are released.
code/API_definitions/MC_ATP.yaml (outdated)

```yaml
        - active
        - inactive
      required:
        - simSwap
```
this property is not listed above
Yep - I saw this and am fixing the swagger.
From: Jose Luis Urien
Sent: Thursday, December 15, 2022 6:11:57 PM
To: camaraproject/SimSwap
Cc: Wróblewski Dawid; Author
Subject: Re: [camaraproject/SimSwap] adding MC ATP yaml (PR #8)
@jlurien commented on this pull request.
In code/API_definitions/MC_ATP.yaml:
@@ -0,0 +1,160 @@
+openapi: 3.0.0
+info:
+ title: CAMARA simSwap
⬇️ Suggested change
- title: CAMARA simSwap
+ title: SIM Swap
It is the approved name for the API
In code/API_definitions/MC_ATP.yaml:
@@ -0,0 +1,160 @@
+openapi: 3.0.0
+info:
+ title: CAMARA simSwap
+ description: CAMARA simSwap API based on Mobile Connect Account Takeover Protection API definition.
⬇️ Suggested change
- description: CAMARA simSwap API based on Mobile Connect Account Takeover Protection API definition.
+ description: SIM Swap API based on Mobile Connect Account Takeover Protection API definition.
In code/API_definitions/MC_ATP.yaml:
@@ -0,0 +1,160 @@
+openapi: 3.0.0
+info:
+ title: CAMARA simSwap
+ description: CAMARA simSwap API based on Mobile Connect Account Takeover Protection API definition.
+ version: 0.1.0
+servers:
+ - url: https://api.server.test
+ description: API server providing CAMARA APIs
+tags:
+ - name: Mobile Connect ATP
+paths:
+ /token:
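Review bot: the `security.0`/`security.1` errors quoted earlier say the requirements at lines 118 and 119 reference scheme names that `components.securitySchemes` never declares; the fix belongs there, declaring the OAuth2 scheme and pointing its flow's `tokenUrl` at the token endpoint, rather than exposing `/token` as a resource path on the same `servers` entry (`https://api.server.test`) as the SIM swap resources.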
/token endpoint is part of the authentication flow and should not be here. All paths in this yaml file are supposed to have a common server and base path, so implementation could not have distinct servers for /token and other resources
In code/API_definitions/MC_ATP.yaml:
+ simChange:
+ type: boolean
+ example: 'simChange: true'
+ isUncontidionalCallDivertActive:
+ type: string
+ isLostStolen:
+ type: boolean
+ deviceChange:
+ type: string
+ accountState:
+ type: string
+ enum:
+ - active
+ - inactive
+ required:
+ - simSwap
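Review bot: `required` lists `simSwap`, which is not a property of this object (the boolean flag above is `simChange`), and `example: 'simChange: true'` is a quoted string that does not validate against `type: boolean`; use `example: true` and list the property that is actually mandatory under `required`.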
this property is not listed above
In code/API_definitions/MC_ATP.yaml:
+ application/json:
+ schema:
+ type: object
+ example:
+ access_token: mkmaJ53--rCK1SBUIjxzavoJCcFbx3453dKmZr39A8k
+ scope: mc_atp
+ token_type: Bearer
+ expires_in: '500'
+ /openid/userinfo:
+ post:
+ tags:
+ - Mobile Connect ATP
+ summary: User Info
+ description: userinfo
+ requestBody:
+ content: {}
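Review bot: the token response schema is `type: object` with no `properties`, so `access_token`, `token_type`, `scope` and `expires_in` exist only in the example and generated clients get an untyped map; declare them, with `expires_in` as an integer number of seconds rather than the quoted string `'500'`. The `/openid/userinfo` operation likewise declares `requestBody` with `content: {}`, which documents no request body at all; define the content or remove the empty `requestBody`.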
No body definition?
@bigludo7 can you please review the code today and approve? thx!
@bigludo7 please review the code - thx!
@bigludo7 Regarding "in QoD API we have in the same swagger for both /sessions & notifications and they will not be implemented in same server." indeed it is a different server. In that case we opted to add a disclaimer in description:
Co-authored-by: Jose Luis Urien <jlurien@gmail.com>
Looks good to me as a first version.
Agreed with @jlurien about /authorize & /token endpoints but we should tackle this question globally for all APIs. This is probably a point worth discussing in Commonalities --> we need an issue for that.