Skip to content

Instantly share code, notes, and snippets.

@OR13

OR13/scopes.md

Last active July 21, 2021 19:57
Show Gist options
  • Save OR13/5c01814fb1cf929c4d0cc15ecca6a73d to your computer and use it in GitHub Desktop.
Save OR13/5c01814fb1cf929c4d0cc15ecca6a73d to your computer and use it in GitHub Desktop.
Download ZIP
vc-http-api scopes
Raw
scopes.md 
components:
  securitySchemes:
    OAuth2:
      type: oauth2
      flows:
        authorizationCode:
          authorizationUrl: https://example.com/oauth/authorize
          tokenUrl: https://example.com/oauth/token
          scopes:
            'create:credentials': Grants permission to create credentials
            'derive:credentials': Grants permission to derive credentials
            'create:presentations': Grants permission to create presentations
            'verify:presentations': Grants permission to verify presentations
            'exchange:presentations': Grants permission to exchange presentations
@jricher
Copy link

jricher commented Jul 20, 2021 

actions: [ create, derive, verify, exchange ]
datatypes: [ credentials, presentations ]

@OR13
Copy link
Author

OR13 commented Jul 21, 2021
edited
Loading 

const accessToken = await getAccessTokenSilently({
    audience: `https://${domain}/api/v2/`,
    scope: "create:credentials",
});

what does the RAR version of this look like?

@jricher
Copy link

jricher commented Jul 21, 2021

You're no longer comparing protocols, you're comparing libraries. So, making up a function syntax, it would be something like:

const accessToken = await getAccessTokenSilently({
    audience: `https://${domain}/api/v2/`,
    action: "create",
    datatype: "credentials"
});

This would result in a RAR request something like (assuming "example.com" for the $domain variable above):

[{
    "type": "vha",
    "locations": [ "https://example.com/api/v2/" ],
    "actions": ["create"],
    "datatypes": ["credentials"]
}]

@brianorwhatever
Copy link

brianorwhatever commented Jul 21, 2021
edited
Loading

vha being vc-http-api or whatever it ends up being called I'm guessing. Would this type be defined somewhere, what's the significance of it?

Edit reading your e-mail on the mailing list now which I believe clears this up

@jricher
Copy link

jricher commented Jul 21, 2021

The type parameter in RAR/GNAP defines what else is allowed to go into the object. Here vha being a stand-in for something more like https://w3c.org/ccg/vh-http-api, to be defined by the spec. It's a namespacing device, and a URL is used there to avoid conflicts. It's not expected to download or mechanically process what's at the URL, it's just to keep it out of other people's spaces. This spec could use vha but it's not recommended because the Virtual Hats API could also try to use vha and that would be confusing. :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment