[BACK-2637] palmtree api #90
Conversation
This adds attestation and assertion documentation. Attestation is the verifying an app is a valid instance of an iOS app and assertion is requesting a secret of some kind after attestation is verified, in this case X.509 certificates that can be used for client authentication. Add response to successful assertion.
lostlevels
force-pushed
the
BACK-2637-palmtree-api
branch
from
b16b2b0 to
3523ade
Compare
| type: string | ||
| minLength: 1 | ||
| enum: | ||
| - Coastal |
There was a problem hiding this comment.
Since each of these enums aligns with a particular type of partner data, it would make sense to lift the oneOf up a level to the clientData object, so that a user can't supply "PalmTree" for the partner, which a verification from Coastal, and vice versa.
| content: | ||
| type: string | ||
| pattern: '^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$' | ||
| description: base64 encoded X.509 certificate in DER format. |
There was a problem hiding this comment.
Huh, kinda weird that they just don't use PEM here, but I guess base64-encoded DER saves a few bytes probably... shrug. Just a weird observation.
| type: object | ||
| properties: | ||
| type: | ||
| type: string |
There was a problem hiding this comment.
This is likely an enum of some sort?
| properties: | ||
| body: | ||
| type: string | ||
| description: PEM encoded certificate. |
There was a problem hiding this comment.
LOL, so Palm Tree uses PEM and Coastal Base64-encoded DER. Weird.
| @@ -0,0 +1,4 @@ | |||
| title: Base64 | |||
There was a problem hiding this comment.
Is this file referenced anywhere?
It'd be good if it could be used, as it's hard to proof check that regex pattern in the many places it's used, especially compared to proofchecking the spelling of "base64.v1.yaml" :D
|
I think we should we either a) close this PR as Won't Do, or b) go ahead but mark them deprecated right out of the gate. |
|
Won't Do. |
3 participants
Same as #58 , just trying to see if stoplight will update.