From f19e24d1eee43515febd2ce19fddae824b258565 Mon Sep 17 00:00:00 2001 From: Jose Luis Urien Date: Fri, 17 Jan 2025 09:17:13 +0100 Subject: [PATCH] Clarify sinkCrreedentials expiration --- code/API_definitions/qod-provisioning.yaml | 4 ++-- code/API_definitions/quality-on-demand.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/code/API_definitions/qod-provisioning.yaml b/code/API_definitions/qod-provisioning.yaml index 5c4eeea4e0..ddc6db40a0 100644 --- a/code/API_definitions/qod-provisioning.yaml +++ b/code/API_definitions/qod-provisioning.yaml @@ -16,7 +16,7 @@ info: At least one identifier for the device (user equipment) out of four options: IPv4 address, IPv6 address, Phone number, or Network Access Identifier assigned by the network operator for the device, at the request time. After the provisioning request is accepted, the device may get different IP addresses, but the provisioning will still apply to the device that was identified during the request process. Note: Network Access Identifier is defined for future use and will not be supported with v0.1 of the API. * **Notification URL and token**: - Developers may provide a callback URL (`sink`) on which notifications about all status change events (eg. provisioning termination) can be received from the service provider. This is an optional parameter. The notification will be sent as a CloudEvent compliant message. If `sink` is included, it is RECOMMENDED for the client to provide as well the `sinkCredential` property to protect the notification endpoint. In the current version,`sinkCredential.credentialType` MUST be set to `ACCESSTOKEN` if provided. + Developers may provide a callback URL (`sink`) on which notifications about all status change events (eg. provisioning termination) can be received from the service provider. This is an optional parameter. The notification will be sent as a CloudEvent compliant message. If `sink` is included, it is RECOMMENDED for the client to provide as well the `sinkCredential` property to protect the notification endpoint. # Resources and Operations overview The API defines four operations: @@ -505,7 +505,7 @@ components: accessTokenExpiresUtc: type: string format: date-time - description: REQUIRED. An absolute UTC instant at which the token shall be considered expired. + description: REQUIRED. An absolute (UTC) timestamp at which the token shall be considered expired. Token expiration should occur after the termination of the requested provisioning, allowing the client to be notified of any changes during the provisioning's existence. If the token expires while the provisioning is still active, the client will stop receiving notifications. accessTokenType: description: REQUIRED. Type of the access token (See [OAuth 2.0](https://tools.ietf.org/html/rfc6749#section-7.1)). type: string diff --git a/code/API_definitions/quality-on-demand.yaml b/code/API_definitions/quality-on-demand.yaml index faf1f163d4..cb400e6c61 100644 --- a/code/API_definitions/quality-on-demand.yaml +++ b/code/API_definitions/quality-on-demand.yaml @@ -39,7 +39,7 @@ info: * **Notification URL and token**: Developers may provide a callback URL (`sink`) on which notifications about all status change events (eg. provisioning termination) can be received from the service provider. This is an optional parameter. The notification will be sent as a CloudEvent compliant message. - If `sink` is included, it is RECOMMENDED for the client to provide as well the `sinkCredential` property to protect the notification endpoint. In the current version,`sinkCredential.credentialType` MUST be set to `ACCESSTOKEN` if provided. + If `sink` is included, it is RECOMMENDED for the client to provide as well the `sinkCredential` property to protect the notification endpoint. In the current version, `sinkCredential.credentialType` MUST be set to `ACCESSTOKEN` if provided. # API functionality @@ -676,7 +676,7 @@ components: accessTokenExpiresUtc: type: string format: date-time - description: REQUIRED. An absolute UTC instant at which the token shall be considered expired. + description: REQUIRED. An absolute (UTC) timestamp at which the token shall be considered expired. Token expiration should occur after the expiration of the requested session, allowing the client to be notified of any changes during the session's existence. If the token expires while the session is still active, the client will stop receiving notifications. accessTokenType: description: REQUIRED. Type of the access token (See [OAuth 2.0](https://tools.ietf.org/html/rfc6749#section-7.1)). For the current version of the API the type MUST be set to `Bearer`. type: string