camaraproject / IdentityAndConsentManagement

Repository to describe, develop, document and test the Identity And Consent Management for CAMARA APIs
Apache License 2.0

Add text regarding oauth2ClientCredentials #172

Closed AxelNennker closed 4 weeks ago

AxelNennker commented 4 weeks ago

What type of PR is this?

What this PR does / why we need it:

This PR adds an OAuth2 client credentials security scheme

Some Camara APIs, like PopulationDensityData, do not involve personal data. Those APIs need a guideline on using OAuth2 client credentials.

AxelNennker commented 4 weeks ago

Some implementations removed openid authorization code flow (https://github.com/camaraproject/QualityOnDemand_PI1/pull/12). Whether you agree with that PR or not, there should be a guideline on OAuth2 client credentials.

AxelNennker commented 4 weeks ago

Some implementations removed openid authorization code flow https://github.com/camaraproject/QualityOnDemand_PI1/pull/12

AxelNennker commented 4 weeks ago

In addition to API consumers not knowing which flow is applicable for some Camara APIs, the missing security schemes also mean that the telcos do not know what security scheme needs to be implemented and is available for that API.

The flow description in the OpenAPI yaml files helps API Consumers and telcos.

Forcing all API subgroups into writing the openid security scheme into their yaml files is not helping API consumers and is not helping telcos.

AxelNennker commented 4 weeks ago

After DT-internal discussion, closing this.