GG-7031 added open api spec files #87
Conversation
|
| version: '1.0' | ||
| servers: | ||
| - url: https://api.service.hmrc.gov.uk/ | ||
| variables: {} |
There was a problem hiding this comment.
At root level, we need to insert a securitySchemes property as per this example: https://github.com/hmrc/open-api-example-microservice/blob/main/resources/public/api/conf/1.0/application.yaml#L42.
Ensure the scopes match those provided in the API definition: https://github.com/hmrc/openid-connect-userinfo/blob/main/app/views/definition.scala.txt.
Finally, each endpoint needs a security property declaring to which scopes it is restricted, as shown on these lines:
- https://github.com/hmrc/open-api-example-microservice/blob/main/resources/public/api/conf/1.0/application.yaml#L91
- https://github.com/hmrc/open-api-example-microservice/blob/main/resources/public/api/conf/1.0/application.yaml#L137
- https://github.com/hmrc/open-api-example-microservice/blob/main/resources/public/api/conf/1.0/application.yaml#L184
You may need to refer to the RAML or consult someone familiar with this service to determine what those restrictions are.
There was a problem hiding this comment.
Just 1 more change (to Scopes.md) needed from what I see.
My understanding of security schemes is a little shaky, TBH, but your changes look good and in my experience the pipeline will tell you if you went wrong somewhere. Ultimately, we can always rely on Team API to answer any questions. :)
| @@ -2,7 +2,7 @@ Access to user information is controlled through scopes. Each access token (OAut | |||
|
|
|||
There was a problem hiding this comment.
Scopes.md can be deleted. All its content is included in the OAS YAML info.description property.
There was a problem hiding this comment.
was planning to delete all the legacy docs/files in a separate PR once its been validated
No description provided.