camaraproject / DeviceLocation

Repository to describe, develop, document and test the DeviceLocation API family
Apache License 2.0

Update location-verification.yaml #88

Closed jlurien closed 1 year ago

jlurien commented 1 year ago

What type of PR is this?

What this PR does / why we need it:

Adjust security scopes naming to api_name:[resource:]action, to be aligned with suggestions for #74

Which issue(s) this PR fixes:

n/a

Special notes for reviewers:

If OK, we should also adjust #55

jlurien commented 1 year ago

Hello @jlurien, I like the idea to standardize the security scope across all APIs, but one comment: is it only a DeviceLocation project decision or a global CAMARA one? Probably this is something that we should propose to Commonalities?

I think it is something pending to agree on consistent guidelines for security, securitySchemes and scopes across all WGs. There is already an issue on Commonalities for the scope format. One thing to review also is when to allow clientCredentials or authorizationCode. There is a debate about this in Identity WG.

To me it would be more flexible to define openidConnect as securityScheme and define scopes for it. In the end, OIDC is probably what we will use and it relies on a .well_known endpoint to learn about the supported authentication flows.
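An added example, not part of this PR or of the CAMARA project's code: a small linter that checks the scopes in an OpenAPI document's `security` requirements against the `api_name:[resource:]action` convention and against the `scopes_supported` list of an OIDC discovery document. The regex is an assumed reading of that convention, and the scheme name `openId`, the URL and all scope values are constructed for illustration.

```python
import re

# Assumed reading of "api_name:[resource:]action": kebab-case segments, optional resource.
SEG = r"[a-z][a-z0-9]*(?:-[a-z0-9]+)*"
SCOPE_RE = re.compile(rf"^(?P<api>{SEG})(?::(?P<resource>{SEG}))?:(?P<action>{SEG})$")

# Constructed OpenAPI 3 fragment, already parsed into a dict.
SPEC = {
    "components": {"securitySchemes": {"openId": {
        "type": "openIdConnect",
        "openIdConnectUrl": "https://auth.example.com/.well-known/openid-configuration",
    }}},
    "paths": {
        "/verify": {"post": {"security": [{"openId": ["location-verification:verify"]}]}},
        "/areas": {"get": {"security": [{"openId": ["location-verification:areas:read"]}]}},
        "/legacy": {"post": {"security": [{"openId": ["VerifyLocation"]}]}},
    },
}

# Constructed discovery document, as the server behind openIdConnectUrl might return it.
DISCOVERY = {"scopes_supported": ["openid", "location-verification:verify"]}

def lint_scopes(spec, discovery, api_name):
    """Return (path, method, scope, problem) for every scope that needs review."""
    oidc = {name for name, s in spec["components"]["securitySchemes"].items()
            if s.get("type") == "openIdConnect"}
    advertised = set(discovery.get("scopes_supported", []))  # optional metadata field
    findings = []
    for path, operations in spec["paths"].items():
        for method, op in operations.items():
            for requirement in op.get("security", []):
                for scheme, scopes in requirement.items():
                    if scheme not in oidc:
                        findings.append((path, method, scheme, "scheme is not openIdConnect"))
                        continue
                    for scope in scopes:
                        m = SCOPE_RE.match(scope)
                        if m is None:
                            problem = "does not match api_name:[resource:]action"
                        elif m["api"] != api_name:
                            problem = "api_name prefix differs from this API"
                        elif scope not in advertised:
                            problem = "not listed in scopes_supported"
                        else:
                            continue
                        findings.append((path, method, scope, problem))
    return findings
```

Because `scopes_supported` is an optional discovery field, a "not listed" finding is a prompt to check the authorization server's configuration rather than proof of a mismatch.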