New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve documentation around /account/whoami #1152
Changes from 2 commits
2e4e5e2
5285dbc
6ba5d7c
b7f8f20
159ab73
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -29,7 +29,13 @@ paths: | |
get: | ||
summary: Gets information about the owner of an access token. | ||
description: |- | ||
Gets information about the owner of a given access token. | ||
Gets information about the owner of a given access token. | ||
|
||
If the owner of the access token is an application service, | ||
the server should return the user ID making the request. The | ||
server should respect the application service client/server API | ||
extensions during this request. If the request is made for a | ||
virtual user, the server should verify that it is registered. | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. should I know what a virtual user is? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Readers should be, or can at least become aware of what this means by reading the appservice spec. |
||
operationId: getTokenOwner | ||
security: | ||
- accessToken: [] | ||
|
@@ -40,14 +46,38 @@ paths: | |
The token belongs to a known user. | ||
examples: | ||
application/json: { | ||
"user_id": "@joe:example.org" | ||
} | ||
"user_id": "@joe:example.org" | ||
} | ||
schema: | ||
type: object | ||
required: ["user_id"] | ||
properties: | ||
user_id: | ||
type: string | ||
description: The user id that owns the access token. | ||
401: | ||
description: | ||
The token is not recongized | ||
examples: | ||
application/json: { | ||
"errcode": "M_UNKNOWN_TOKEN", | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Typo: you want to use "Unrecognized" |
||
"error": "Unrecongised access token." | ||
} | ||
schema: | ||
"$ref": "definitions/error.yaml" | ||
403: | ||
description: | ||
The appservice cannot masquerade the user or has not registered them. | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. masquerade as |
||
examples: | ||
application/json: { | ||
"errcode": "M_FORBIDDEN", | ||
"error": "Application service has not registered this user." | ||
} | ||
schema: | ||
"$ref": "definitions/error.yaml" | ||
429: | ||
description: This request was rate-limited. | ||
schema: | ||
"$ref": "definitions/error.yaml" | ||
tags: | ||
- User data |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure "the user ID making the request" is clear.
Presumably this refers to the user_id specified as a query param? Could you say that?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes, although that parameter is optional (which therefore makes the request by the bridge bot)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, sorry, but I'm afraid this isn't any clearer to me at all :/.
To me, in the AS model, "the user ID making the request" is the AS user; the AS user can masquerade as a user within its namespace by providing a user_id parameter.
So the server should not return the user ID making the request.
Rather than all this blurb, which is common to most of the C-S API, I would say something like:
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yours is a lot clearer and what I was trying to say. I'm just bad with words this time around it seems.
Taken nearly verbatim (minor edits).