Clarify usage of security scheme in call back

camaraproject / QualityOnDemand

Repository to describe, develop, document and test the QualityOnDemand API family

https://wiki.camaraproject.org/x/zwOeAQ

Apache License 2.0

41 stars 59 forks source link

Clarify usage of security scheme in call back #75

Closed bhojpurS closed 1 year ago

bhojpurS commented 1 year ago

Callback api seems to use 'apikey' as a security mechanism but create session api defines 'notificationAuthToken' which is conflicting. Either we should use only 'oAuth2ClientCredentials' or we should remove 'notificationAuthToken'- from create session api.

hdamker commented 1 year ago

@bhojpurS: This is a duplicate to #31. apikey shouldn't be used in order to be compliant to https://github.com/camaraproject/WorkingGroups/blob/main/Commonalities/documentation/CAMARA-AuthN-AuthZ-Concept.md

hdamker commented 1 year ago

Closed as duplicate of #31