Closed andrewbonney closed 3 years ago
I have few points to make.
ClientCredentialsGrant:
grant_type: client_credentials
client_id: c1068569-80c1-48cf-982e-30c3f930dfe3
client_assertion_type: urn:ietf:params:oauth:client-assertion-type:jwt-bearer
client_assertion: eyJhbGciOiJSUzI1NiIsInR5cCI....
under traits
If we do adopt the above example, maybe we should also make the client_assertion example (eyJhbGciOiJFUzI1NiIsImtpZCI6IjE2In0) match the client_assertion in the above example (eyJhbGciOiJSUzI1NiIsInR5cCI....).
line 5 of docs/4.4. Behaviour - Access Tokens.md
there is a typo of Aaccess
the rest are LGTM
Some other changes are required on those JWKS-related schemas:
APIs/schemas/jwks_response.json | 45 +--------------------------
APIs/schemas/jwks_schema.json | 50 ++++++++++++++++++++++++++++++
APIs/schemas/register_client_request.json | 3 +-
APIs/schemas/register_client_response.json | 3 +-
4 files changed, 55 insertions(+), 46 deletions(-)
diff --git a/APIs/schemas/jwks_response.json b/APIs/schemas/jwks_response.json
index f34aab8..0959671 100644
--- a/APIs/schemas/jwks_response.json
+++ b/APIs/schemas/jwks_response.json
@@ -3,48 +3,5 @@
"title": "JWKs Response",
"description": "JSON Web Key Set to validate Access Token",
"type": "object",
- "properties": {
- "keys": {
- "description": "The value of the 'keys' parameter is an array of JWK values. By default, the order of the JWK values within the array does not imply an order of preference among them, although applications of JWK Sets can choose to assign a meaning to the order for their purposes, if desired.",
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "kty": {
- "type": "string"
- },
- "use": {
- "type": "string"
- },
- "key_ops": {
- "type": "string"
- },
- "alg": {
- "type": "string"
- },
- "kid": {
- "type": "string"
- },
- "x5u": {
- "type": "string",
- "format": "uri"
- },
- "x5c": {
- "type": "array",
- "items": {
- "type": "string"
- }
- },
- "x5t": {
- "type": "string"
- },
- "x5t#S256": {
- "type": "string"
- }
- },
- "required": ["kty"]
- }
- }
- },
- "required": ["keys"]
+ "$ref": "jwks_schema.json"
}
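Review bot: The `$ref` added here sits beside `title`, `description` and `type`, and under draft-04 rules (the dialect jwks_schema.json declares; this file's `$schema` line is outside the hunk) every sibling of `$ref` is to be ignored. Validation still works because the target schema declares `"type": "object"` itself, but strict tooling drops the local title and description. The same applies to the `"type": "object"` lines added next to `$ref` in register_client_request.json and register_client_response.json, which have no effect there. If the local annotations should survive, wrap the reference as `"allOf": [{ "$ref": "jwks_schema.json" }]`; otherwise drop the redundant `type`.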
diff --git a/APIs/schemas/jwks_schema.json b/APIs/schemas/jwks_schema.json
new file mode 100644
index 0000000..44804be
--- /dev/null
+++ b/APIs/schemas/jwks_schema.json
@@ -0,0 +1,50 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "title": "JSON Web Key Set",
+ "description": "JSON Web Key Set to validate JSON Web Token",
+ "type": "object",
+ "properties": {
+ "keys": {
+ "description": "The value of the 'keys' parameter is an array of JWK values. By default, the order of the JWK values within the array does not imply an order of preference among them, although applications of JWK Sets can choose to assign a meaning to the order for their purposes, if desired.",
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "kty": {
+ "type": "string"
+ },
+ "use": {
+ "type": "string"
+ },
+ "key_ops": {
+ "type": "string"
+ },
+ "alg": {
+ "type": "string"
+ },
+ "kid": {
+ "type": "string"
+ },
+ "x5u": {
+ "type": "string",
+ "format": "uri"
+ },
+ "x5c": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "x5t": {
+ "type": "string"
+ },
+ "x5t#S256": {
+ "type": "string"
+ }
+ },
+ "required": ["kty"]
+ }
+ }
+ },
+ "required": ["keys"]
+}
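Review bot: `key_ops` is declared as `"type": "string"`, but RFC 7517 section 4.3 defines it as an array of key-operation strings, so a conforming JWK that carries `key_ops` fails validation against this schema. The definition was moved unchanged from jwks_response.json and is better corrected here: `"key_ops": { "type": "array", "items": { "type": "string" } }`. Separately, the key objects stay open, so now that the registration request references this schema, a key carrying private members such as `d` or a symmetric `k` still validates. Since every use is described as public keys, consider adding `"not": { "anyOf": [{ "required": ["d"] }, { "required": ["k"] }] }` to the item schema, and reject such keys server-side regardless of what the schema accepts.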
diff --git a/APIs/schemas/register_client_request.json b/APIs/schemas/register_client_request.json
index f5a5657..cb7e5df 100644
--- a/APIs/schemas/register_client_request.json
+++ b/APIs/schemas/register_client_request.json
@@ -66,7 +66,8 @@
},
"jwks": {
"description": "Client's JSON Web Key Set document value, which contains the client's public keys",
- "type": "string"
+ "type": "object",
+ "$ref": "jwks_schema.json"
},
"software_id": {
"description": "A unique identifier string (e.g. a UUID) assigned by the client developer or software publisher",
diff --git a/APIs/schemas/register_client_response.json b/APIs/schemas/register_client_response.json
index 1b3b8ac..c985b6e 100644
--- a/APIs/schemas/register_client_response.json
+++ b/APIs/schemas/register_client_response.json
@@ -85,7 +85,8 @@
},
"jwks": {
"description": "Client's JSON Web Key Set document value, which contains the client's public keys",
- "type": "string"
+ "type": "object",
+ "$ref": "jwks_schema.json"
},
"software_id": {
"description": "A unique identifier string (e.g. a UUID) assigned by the client developer or software publisher",
This PR is currently based on top of the client credentials PR so shouldn't be merged until that one is ready.
This is primarily an editorial update after proof reading, but also aims to address a couple of small areas that appeared unclear or unnecessary given how the spec has evolved.