Owen Rubel
@tedepstein "If we can separate roles, so that OpenAPI consumers don't have to be responsible for piecing together the API description from its constituent parts, I think that would be...
Nice of you to minimize the fact I pointed out a security risk, but the security risk still exists.
Bringing it up again folks. Since when a token is supplied during a client request (note I said, the token is supplied so this is AFTER the OAUTH handshake), the...
And BTW, you can separate what you need for an initial handshake, but you can't separate what you need for basic RBAC association with endpoints (as pointed out above). Every...
You are basically overcomplicating and mixing FUNCTION with DATA; the idea is to abstract these two. These docs are meant to reference data that is shared across the architecture...
@smyrman "where all requests generally happen against the same endpoint"??? The endpoint is 'controller/method'; for each separate controller/method, it's a separate endpoint. This is where the request/response meet on...
@smyrman That's because they are sending 'method' in the passed data (which is unusual for RPC); look at how JSON-RPC passes data. gRPC encodes the controller/method in the URI just...
@Cahl-Dee That's how it is used in Spring and Spring Boot https://www.baeldung.com/spring-rest-openapi-documentation. So I don't see how it isn't good at it when it is doing it fine. That's an RPC...
"I would like the validation proxy to not follow redirects by default" Then you should be using FORWARDS rather than REDIRECTS and avoid dropping threads and reissuing request/response.
You have several other issues as well; you have to avoid 'redirects' which can cause additional 'REQUESTS' and changes in I/O pathing which will cause additional REQUESTS in distributed architectures....