Closed philbuettner closed 5 years ago
Hi @philbuettner, I agree, it makes little sense for this generated OpenAPI Swagger documentation to use BoschID. We should remove it and only provide the bearer token variant. Would that work for you?
I would suggest keeping bearerAuth and thingsApiToken.
@philbuettner AFAIK, the thingsApiToken is not required if the bearer token is passed along to Things, or am I wrong?
Yes, you are right! We only need the bearerAuth.
Removed Bosch ID and only specified bearerToken in generated spec.
The OpenAPI documents generated via the OpenAPI generator provide an 'Authorize' button. Besides the token-based authorization mechanisms bearerAuth and thingsApiToken, there is also an authorization code grant flow via BoschID provided.
But without the ability as a 'normal' user to define an authorization callback URL via CIAM, it is difficult to use the Bosch ID. Also, even if one could define an authorization callback URL, how will one make an endpoint available to complete the authorization code grant flow?
I wonder if it makes sense to list the BoschID as an available authorization for the OpenAPI document? What is the background of this?