From 0d4609b8498737be734fe6a14045d2ee8a4e5248 Mon Sep 17 00:00:00 2001 From: Thorsten Lohmar Date: Thu, 27 Feb 2025 13:53:45 +0100 Subject: [PATCH 1/5] Adding scopes and security OIDC scheme. --- .../dedicated-network-accesses.yaml | 16 ++++++++++++++++ .../dedicated-network-profiles.yaml | 10 ++++++++++ code/API_definitions/dedicated-network.yaml | 15 +++++++++++++++ 3 files changed, 41 insertions(+) diff --git a/code/API_definitions/dedicated-network-accesses.yaml b/code/API_definitions/dedicated-network-accesses.yaml index e4bd43f..3d49857 100644 --- a/code/API_definitions/dedicated-network-accesses.yaml +++ b/code/API_definitions/dedicated-network-accesses.yaml @@ -25,6 +25,9 @@ paths: - Accesses summary: Get a list of device accesses to dedicated networks, optionally filtered for a given device and/or for a given dedicated network operationId: listNetworkAccesses + security: + - openId: + - dedicated-networks:accesses:read parameters: - name: networkId in: query @@ -59,6 +62,9 @@ paths: - Accesses summary: Create a device access to a dedicated network with given configuration operationId: createNetworkAccess + security: + - openId: + - dedicated-networks:access:create requestBody: content: application/json: @@ -96,6 +102,9 @@ paths: - Accesses summary: Get a device access to the dedicated network and its configuration operationId: readNetworkAccess + security: + - openId: + - dedicated-networks:access:read parameters: - name: accessId in: path @@ -128,6 +137,9 @@ paths: - Accesses summary: Delete a device access to the dedicated network operationId: deleteNetworkAccess + security: + - openId: + - dedicated-networks:access:destroy parameters: - name: accessId in: path @@ -152,6 +164,10 @@ paths: $ref: "#/components/responses/Generic503" components: + securitySchemes: + openId: + type: openIdConnect + openIdConnectUrl: https://example.com/.well-known/openid-configuration parameters: x-correlator: 
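Review bot: Authorization is declared only per operation, starting at `listNetworkAccesses` in dedicated-network-accesses.yaml, so an operation added later without its own `security` block would be published as requiring no token unless the document carries a root-level default. The top of each file is outside these hunks, so a root `security` entry may already exist. If it does not, adding `security:` with `- openId: []` at the root of each of the three files makes the default fail-closed, while the per-operation entries still override it with their specific scopes. The same applies to the operation hunks in dedicated-network-profiles.yaml and dedicated-network.yaml.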
diff --git a/code/API_definitions/dedicated-network-profiles.yaml b/code/API_definitions/dedicated-network-profiles.yaml index aa167f9..5555e2e 100644 --- a/code/API_definitions/dedicated-network-profiles.yaml +++ b/code/API_definitions/dedicated-network-profiles.yaml @@ -21,6 +21,9 @@ paths: - Profiles summary: Read dedicated network profiles operationId: readNetworkProfiles + security: + - openId: + - dedicated-networks:profiles:read parameters: - $ref: "#/components/parameters/x-correlator" responses: @@ -50,6 +53,9 @@ paths: - Profiles summary: Read a dedicated network profile operationId: readNetworkProfile + security: + - openId: + - dedicated-networks:profile:read parameters: - name: profileId in: path @@ -78,6 +84,10 @@ paths: $ref: "#/components/responses/Generic503" components: + securitySchemes: + openId: + type: openIdConnect + openIdConnectUrl: https://example.com/.well-known/openid-configuration parameters: x-correlator: diff --git a/code/API_definitions/dedicated-network.yaml b/code/API_definitions/dedicated-network.yaml index ec0f6e5..1aadecd 100644 --- a/code/API_definitions/dedicated-network.yaml +++ b/code/API_definitions/dedicated-network.yaml @@ -24,6 +24,9 @@ paths: - Networks summary: Get a list of dedicated networks operationId: listNetworks + security: + - openId: + - dedicated-networks:networks:read parameters: - $ref: "#/components/parameters/x-correlator" responses: @@ -52,6 +55,9 @@ paths: - Networks summary: Request to create a dedicated network operationId: createNetwork + security: + - openId: + - dedicated-networks:network:create requestBody: required: true content: @@ -137,6 +143,9 @@ paths: - Networks summary: Get the current information about a dedicated network operationId: readNetwork + security: + - openId: + - dedicated-networks:network:read parameters: - name: networkId in: path 
@@ -160,6 +169,9 @@ paths: - Networks summary: Destroy a dedicated network operationId: deleteNetwork + security: + - openId: + - dedicated-networks:network:destroy parameters: - name: networkId in: path @@ -185,6 +197,9 @@ paths: components: securitySchemes: + openId: + type: openIdConnect + openIdConnectUrl: https://example.com/.well-known/openid-configuration notificationsBearerAuth: description: Bearer authentication for notifications type: http From 43bdc15e6dcc1ef88c8bdddd1829d1471fe2a445 Mon Sep 17 00:00:00 2001 From: Thorsten Lohmar Date: Sun, 9 Mar 2025 15:52:01 +0100 Subject: [PATCH 2/5] Aligning scope name with yaml filename. --- code/API_definitions/dedicated-network-accesses.yaml | 8 ++++---- code/API_definitions/dedicated-network-profiles.yaml | 4 ++-- code/API_definitions/dedicated-network.yaml | 8 ++++---- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/code/API_definitions/dedicated-network-accesses.yaml b/code/API_definitions/dedicated-network-accesses.yaml index 3d49857..af4c179 100644 --- a/code/API_definitions/dedicated-network-accesses.yaml +++ b/code/API_definitions/dedicated-network-accesses.yaml @@ -27,7 +27,7 @@ paths: operationId: listNetworkAccesses security: - openId: - - dedicated-networks:accesses:read + - dedicated-network:accesses:read parameters: - name: networkId in: query @@ -64,7 +64,7 @@ paths: operationId: createNetworkAccess security: - openId: - - dedicated-networks:access:create + - dedicated-network:access:create requestBody: content: application/json: @@ -104,7 +104,7 @@ paths: operationId: readNetworkAccess security: - openId: - - dedicated-networks:access:read + - dedicated-network:access:read parameters: - name: accessId in: path @@ -139,7 +139,7 @@ paths: operationId: deleteNetworkAccess security: - openId: - - dedicated-networks:access:destroy + - dedicated-network:access:destroy parameters: - name: accessId in: path 
diff --git a/code/API_definitions/dedicated-network-profiles.yaml b/code/API_definitions/dedicated-network-profiles.yaml index 5555e2e..d03b6d3 100644 --- a/code/API_definitions/dedicated-network-profiles.yaml +++ b/code/API_definitions/dedicated-network-profiles.yaml @@ -23,7 +23,7 @@ paths: operationId: readNetworkProfiles security: - openId: - - dedicated-networks:profiles:read + - dedicated-network:profiles:read parameters: - $ref: "#/components/parameters/x-correlator" responses: @@ -55,7 +55,7 @@ paths: operationId: readNetworkProfile security: - openId: - - dedicated-networks:profile:read + - dedicated-network:profile:read parameters: - name: profileId in: path diff --git a/code/API_definitions/dedicated-network.yaml b/code/API_definitions/dedicated-network.yaml index 1aadecd..a5aec31 100644 --- a/code/API_definitions/dedicated-network.yaml +++ b/code/API_definitions/dedicated-network.yaml @@ -26,7 +26,7 @@ paths: operationId: listNetworks security: - openId: - - dedicated-networks:networks:read + - dedicated-network:networks:read parameters: - $ref: "#/components/parameters/x-correlator" responses: @@ -57,7 +57,7 @@ paths: operationId: createNetwork security: - openId: - - dedicated-networks:network:create + - dedicated-network:network:create requestBody: required: true content: @@ -145,7 +145,7 @@ paths: operationId: readNetwork security: - openId: - - dedicated-networks:network:read + - dedicated-network:network:read parameters: - name: networkId in: path @@ -171,7 +171,7 @@ paths: operationId: deleteNetwork security: - openId: - - dedicated-networks:network:destroy + - dedicated-network:network:destroy parameters: - name: networkId in: path From a05e909e37428fefb4b1eae7d2f49a61a4530449 Mon Sep 17 00:00:00 2001 
From: Thorsten Lohmar Date: Mon, 10 Mar 2025 10:00:26 +0100 Subject: [PATCH 3/5] Changing from destroy to delete --- code/API_definitions/dedicated-network-accesses.yaml | 2 +- code/API_definitions/dedicated-network.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/code/API_definitions/dedicated-network-accesses.yaml b/code/API_definitions/dedicated-network-accesses.yaml index af4c179..59bd930 100644 --- a/code/API_definitions/dedicated-network-accesses.yaml +++ b/code/API_definitions/dedicated-network-accesses.yaml @@ -139,7 +139,7 @@ paths: operationId: deleteNetworkAccess security: - openId: - - dedicated-network:access:destroy + - dedicated-network:access:delete parameters: - name: accessId in: path diff --git a/code/API_definitions/dedicated-network.yaml b/code/API_definitions/dedicated-network.yaml index a5aec31..f6a5011 100644 --- a/code/API_definitions/dedicated-network.yaml +++ b/code/API_definitions/dedicated-network.yaml @@ -167,11 +167,11 @@ paths: delete: tags: - Networks - summary: Destroy a dedicated network + summary: Delete a dedicated network operationId: deleteNetwork security: - openId: - - dedicated-network:network:destroy + - dedicated-network:network:delete parameters: - name: networkId in: path From b750fe231be27a8a50656a70aee11b8b2fc965ec Mon Sep 17 00:00:00 2001 From: Thorsten Lohmar Date: Sun, 23 Mar 2025 23:20:19 +0100 Subject: [PATCH 4/5] Using OAuth Client Credentials. --- .../dedicated-network-accesses.yaml | 21 ++++++++++++------ .../dedicated-network-profiles.yaml | 15 ++++++++----- code/API_definitions/dedicated-network.yaml | 22 +++++++++++++------ 3 files changed, 39 insertions(+), 19 deletions(-) diff --git a/code/API_definitions/dedicated-network-accesses.yaml b/code/API_definitions/dedicated-network-accesses.yaml index 59bd930..5aa12d8 100644 --- a/code/API_definitions/dedicated-network-accesses.yaml +++ b/code/API_definitions/dedicated-network-accesses.yaml 
@@ -26,7 +26,7 @@ paths: summary: Get a list of device accesses to dedicated networks, optionally filtered for a given device and/or for a given dedicated network operationId: listNetworkAccesses security: - - openId: + - oAuth2: - dedicated-network:accesses:read parameters: - name: networkId @@ -63,7 +63,7 @@ paths: summary: Create a device access to a dedicated network with given configuration operationId: createNetworkAccess security: - - openId: + - oAuth2: - dedicated-network:access:create requestBody: content: @@ -103,7 +103,7 @@ paths: summary: Get a device access to the dedicated network and its configuration operationId: readNetworkAccess security: - - openId: + - oAuth2: - dedicated-network:access:read parameters: - name: accessId @@ -138,7 +138,7 @@ paths: summary: Delete a device access to the dedicated network operationId: deleteNetworkAccess security: - - openId: + - oAuth2: - dedicated-network:access:delete parameters: - name: accessId @@ -165,9 +165,16 @@ paths: components: securitySchemes: - openId: - type: openIdConnect - openIdConnectUrl: https://example.com/.well-known/openid-configuration + oAuth2: + type: oauth2 + flows: + clientCredentials: + tokenUrl: https://api.example.com/oauth/token + scopes: + dedicated-network:accesses:read: Get a list of device accesses for networks + dedicated-network:access:create: Create a device access to a network with given configuration + dedicated-network:access:read: Get a device access for the network and its configuration + dedicated-network:access:delete: Delete a device access to a network parameters: x-correlator: diff --git a/code/API_definitions/dedicated-network-profiles.yaml b/code/API_definitions/dedicated-network-profiles.yaml index d03b6d3..fb94d88 100644 --- a/code/API_definitions/dedicated-network-profiles.yaml +++ b/code/API_definitions/dedicated-network-profiles.yaml 
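Review bot: With the move to the client-credentials flow, the token presented to `listNetworkAccesses`, `readNetworkAccess` and `deleteNetworkAccess` identifies only the calling client, and the scopes in these hunks authorize the action but not the `networkId` or `accessId` it targets. Nothing visible here states that a client is limited to the networks and accesses it owns, so that check rests on each implementation; the operation bodies continue outside the hunks and may already say so. If they do not, a `description` on each operation, for example `description: Only accesses on networks owned by the authenticated client are accessible; other identifiers are answered as not found.`, would make object-level authorization part of the contract. The same consideration applies to `readNetwork` and `deleteNetwork` in dedicated-network.yaml.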
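Review bot: The `tokenUrl` under `clientCredentials` in the new `oAuth2` scheme is a placeholder host, and nothing in the scheme says so. This is the endpoint a client sends its credentials to, so tooling or generated clients that take the value literally would address the placeholder instead of the provider's token endpoint. A `description` on the scheme, for example `description: tokenUrl is a placeholder; use the token endpoint published by the API provider.`, would document that. The identical scheme and URL are repeated in the `securitySchemes` hunks of dedicated-network-profiles.yaml and dedicated-network.yaml, so the three copies have to be kept in sync by hand.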
@@ -22,7 +22,7 @@ paths: summary: Read dedicated network profiles operationId: readNetworkProfiles security: - - openId: + - oAuth2: - dedicated-network:profiles:read parameters: - $ref: "#/components/parameters/x-correlator" @@ -54,7 +54,7 @@ paths: summary: Read a dedicated network profile operationId: readNetworkProfile security: - - openId: + - oAuth2: - dedicated-network:profile:read parameters: - name: profileId @@ -85,9 +85,14 @@ paths: components: securitySchemes: - openId: - type: openIdConnect - openIdConnectUrl: https://example.com/.well-known/openid-configuration + oAuth2: + type: oauth2 + flows: + clientCredentials: + tokenUrl: https://api.example.com/oauth/token + scopes: + dedicated-network:profiles:read: Read network profiles + dedicated-network:profile:read: Read a network profile parameters: x-correlator: diff --git a/code/API_definitions/dedicated-network.yaml b/code/API_definitions/dedicated-network.yaml index f6a5011..e5d9c3d 100644 --- a/code/API_definitions/dedicated-network.yaml +++ b/code/API_definitions/dedicated-network.yaml @@ -25,7 +25,7 @@ paths: summary: Get a list of dedicated networks operationId: listNetworks security: - - openId: + - oAuth2: - dedicated-network:networks:read parameters: - $ref: "#/components/parameters/x-correlator" @@ -56,7 +56,7 @@ paths: summary: Request to create a dedicated network operationId: createNetwork security: - - openId: + - oAuth2: - dedicated-network:network:create requestBody: required: true @@ -144,7 +144,7 @@ paths: summary: Get the current information about a dedicated network operationId: readNetwork security: - - openId: + - oAuth2: - dedicated-network:network:read parameters: - name: networkId @@ -170,7 +170,7 @@ paths: summary: Delete a dedicated network operationId: deleteNetwork security: - - openId: + - oAuth2: - dedicated-network:network:delete parameters: - name: networkId 
@@ -197,9 +197,17 @@ paths: components: securitySchemes: - openId: - type: openIdConnect - openIdConnectUrl: https://example.com/.well-known/openid-configuration + oAuth2: + type: oauth2 + flows: + clientCredentials: + tokenUrl: https://api.example.com/oauth/token + scopes: + dedicated-network:networks:read: Get a list of networks + dedicated-network:network:create: Create a dedicated network + dedicated-network:network:read: Get the current information about a network + dedicated-network:network:delete: Delete a Network + notificationsBearerAuth: description: Bearer authentication for notifications type: http From 1b942d7ff309b0950d1cdb11b322f63dc127ca45 Mon Sep 17 00:00:00 2001 From: Thorsten Lohmar Date: Mon, 24 Mar 2025 08:20:43 +0100 Subject: [PATCH 5/5] Correcting indentation. --- code/API_definitions/dedicated-network-accesses.yaml | 4 ++-- code/API_definitions/dedicated-network-profiles.yaml | 4 ++-- code/API_definitions/dedicated-network.yaml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/code/API_definitions/dedicated-network-accesses.yaml b/code/API_definitions/dedicated-network-accesses.yaml index 5aa12d8..2b670a0 100644 --- a/code/API_definitions/dedicated-network-accesses.yaml +++ b/code/API_definitions/dedicated-network-accesses.yaml @@ -166,8 +166,8 @@ paths: components: securitySchemes: oAuth2: - type: oauth2 - flows: + type: oauth2 + flows: clientCredentials: tokenUrl: https://api.example.com/oauth/token scopes: diff --git a/code/API_definitions/dedicated-network-profiles.yaml b/code/API_definitions/dedicated-network-profiles.yaml index fb94d88..691e7f6 100644 --- a/code/API_definitions/dedicated-network-profiles.yaml +++ b/code/API_definitions/dedicated-network-profiles.yaml @@ -86,8 +86,8 @@ paths: components: securitySchemes: oAuth2: - type: oauth2 - flows: + type: oauth2 + flows: clientCredentials: tokenUrl: https://api.example.com/oauth/token scopes: 
diff --git a/code/API_definitions/dedicated-network.yaml b/code/API_definitions/dedicated-network.yaml index e5d9c3d..841a41a 100644 --- a/code/API_definitions/dedicated-network.yaml +++ b/code/API_definitions/dedicated-network.yaml @@ -198,8 +198,8 @@ paths: components: securitySchemes: oAuth2: - type: oauth2 - flows: + type: oauth2 + flows: clientCredentials: tokenUrl: https://api.example.com/oauth/token scopes: