Open FabrizioMoggio opened 1 month ago
Also the Patch method has the same problem. When no device is used no Consent management can be performed. So also two PATCH methods must be used, one with Client/Credential and one with OpenId
Asked to Commonalities: https://github.com/camaraproject/Commonalities/discussions/245
Problem description The TI API adopted 3Legs authentication because it can provide back some information about the local of a device as a feedback of the traffic being influences in a certain zone or region. Anyway the device information is an option, the TI API can also be invoked in a generic way effecting all the connection toward an application
Expected behavior 3legs is expected when a device info is passed and it is not expected when a device is not provided as input. Currently Device is an optional parameter for the /traffic-influences POST method. The "security schema" for that method is "openId" while actually if the Device parameter is not used it should just be client credential. Is there a way to manage this situation with just one operation?
Alternative solution this is solved if we create to operations: 1) POST with openId to create a TI Resource for a Device 2) another POST with client/credential to create a generic TI Resource for any Device