Set Device Object To Optional - According to API Design Guidelines

[dfischer-tech]

What type of PR is this?

Add one of the following kinds:

• correction

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes #297

Changelog input

 release-note
 Update geofencing-subscriptions.yaml to make the Device object optional.

Additional documentation

None

[bigludo7]

LGTM

[maxl2287]

Thanks @dfischer-tech for raising up this PR!
Could you please also update the info.description by adding the information about how to identify the device from the access-token:

    # Identifying the device from the access token

    This API requires the API consumer to identify a device as the subject of the API as follows:
    - When the API is invoked using a two-legged access token, the subject will be identified from the optional `device` object, which therefore MUST be provided.
    - When a three-legged access token is used however, this optional identifier MUST NOT be provided, as the subject will be uniquely identified from the access token.

    This approach simplifies API usage for API consumers using a three-legged access token to invoke the API by relying on the information that is associated with the access token and was identified during the authentication process.

(see:

DeviceLocation/code/API_definitions/location-retrieval.yaml

Lines 73 to 77 in 5e81e4e

	# Identifying the device from the access token
	This API requires the API consumer to identify a device as the subject of the API as follows:
	- When the API is invoked using a two-legged access token, the subject will be identified from the optional `device` object, which therefore MUST be provided.
	- When a three-legged access token is used however, this optional identifier MUST NOT be provided, as the subject will be uniquely identified from the access token.

)

[maxl2287]

LGTM

[jlurien]

If we opted to remove device as required in the request, we would need to remove it as well in the event contents. schemas AreaLeft, AreaEntered, SubscriptionEnds, and probably add some guideline that device must not be included in the event if not explicitly provided in the request

[dfischer-tech]

If we opted to remove device as required in the request, we would need to remove it as well in the event contents. schemas AreaLeft, AreaEntered, SubscriptionEnds, and probably add some guideline that device must not be included in the event if not explicitly provided in the request

Hi @jlurien,
Thank you for your review and comment.
The device is set to "optional" to prevent conflicts when it has already been identified via an access token (which would otherwise result in a 422 - UNNECESSARY_IDENTIFIER).
However, the device still needs to be identified; otherwise, a 422 - MISSING_IDENTIFIER error would occur, with the message:

"An identifier is not included in the request and the device or phone number identification cannot be derived from the 3-legged access token."

Therefore, we do not need to explicitly remove it from the event contents (schemas: AreaLeft, AreaEntered, SubscriptionEnds),
because it must be there/identified.

Clarification about the device needed

[maxl2287]

@dfischer-tech

For a better understanding I would like to reference here as well to QualityOnDemand:

Note that the device object is defined as optional and will only to be returned if provided in createSession.
(https://github.com/camaraproject/QualityOnDemand/blob/r2.1/code/API_definitions/quality-on-demand.yaml#L502)

Means that we only would like to provide information about the device, if this was explicitly provided by the user.
Or in other words: only when a 2-legged-token was used and the device is required to be in the request-body then we have to add the device also in the:

• $.config.subscriptionDetail of the response
• $.data in the cloud-event

If we are dealing with a 3-legged-token I aggree with @jlurien that we also have to remove the mandatory device-object from the CloudEvent $.data

DeviceStatus is doing it the same to just provide the subscriptionId as an identifier:

    BasicDeviceEventData:
      description: Event detail structure for basic device events
      type: object
      required:
        - subscriptionId
      properties:
        device:
          $ref: "#/components/schemas/Device"
        subscriptionId:
          $ref: "#/components/schemas/SubscriptionId"

https://github.com/camaraproject/DeviceStatus/blob/r2.1/code/API_definitions/device-roaming-status-subscriptions.yaml#L934-L943

[dfischer-tech]

@jlurien @maxl2287
Thank you for the notice – understood and accepted.

[maxl2287]

LGTM

[bigludo7]

LGTM

[jlurien]

@dfischer-tech , @maxl2287 The changes are OK, but we have to revert versions to wip and /vwip in the URL before merging (as in #303). At the same time, issue #302 could be fixed in this PR

[maxl2287]

@jlurien @bigludo7
Let's set back the versions via #305 first so we have a seperate PR for it.

[jlurien]

@jlurien @bigludo7 Let's set back the versions via #305 first so we have a seperate PR for it.

@dfischer-tech @maxl2287 already merged

[maxl2287]

@jlurien @bigludo7 PR is now synced

[jlurien]

LGTM