Closed slifty closed 4 months ago
At some point it might be reasonable to come up with a good way to load users with an alternative ID (not just a filter) -- e.g. /users/authenticationId/{authenticationId}
but there are some API design decisions I'd rather not have to think through to meet our immediate need.
@slifty FWIW, it's trivial for us to attach the sub
to the request, so /users/me
isn't actually necessary (as cool as it is). In case you're prioritizing.
@reefdog ok good to know -- I do like it as a concept (and it'll be easy to add) but I think I'll capture it as a separate issue then and knock it out when I have a moment.
Users are generally an internal entity right now but we have some need to expose the user ID for the current user in order to supply
createdBy
filters (see #939).So, let's make a GET
/users
endpoint possibly with support for anauthenticationId
filter, and possibly with a special/users/me
endpoint as well.In terms of access control I could either:
/users
require the administrative role./users
require an auth context and then restrict the users returned based on auth context (e.g. if you aren't an admin the only user you can see is yourself)/users/me
that returns your single authenticated user.I'm planning to do both 2 + 3.