feat(profiles): server-required profiles #1354
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2226,6 +2226,28 @@ because the value for the `updated` key is not recognized under the profile's | |
| requirement that the `updated` key hold a string of the form produced by | ||
| `JSON.stringify`. | ||
|
|
||
| ### <a href="#profiles-required" id="profiles-required" class="headerlink"></a> Server-Required Profiles | ||
|
|
||
| Generally, servers should not require that clients apply specific profiles to | ||
| their requests, as such requirements reduce interoperability. | ||
|
|
||
| However, in many common cases, a server does require that clients provide | ||
| certain data (e.g., authentication credentials), and it **MAY** require that | ||
| this data be provided by applying a specific profile (or any one profile from | ||
|
There was a problem hiding this comment. I find this example not very convincing. I cannot imagine authentication is often embedded into JSON:API documents. Authentication is an orthogonal concern. Which leaves me wondering: what is a good example of this? Why is this "common"? There was a problem hiding this comment. I think it's strange that this statement broadly contradicts the one before it by saying "Generally servers should not require profiles" and then "in many common cases, servers can require profiles". I think it's hard to think of an example where extra data must be provided (a There was a problem hiding this comment.
Authentication isn't a great example; I was imagining a case where maybe a request signature could show up in the body (e.g., in top-level
How would you suggest wording it? There was a problem hiding this comment.
There was a problem hiding this comment. My theory here is that:
|
||
| a set of supported profiles) to the request. | ||
|
|
||
| In the event that the server requires the client to apply a profile to its | ||
| request, and the client fails to do so, the server **MUST** send a | ||
| `415 Unsupported Media Type` error. | ||
|
|
||
| In the error's response body, there **MUST** be an [error object] for each | ||
| required profile that is missing, and this error object **MUST**: | ||
|
|
||
| 1. have a `type` who's URI is `http://jsonapi.org/errors/missing-required-profile` | ||
| 2. include the URI of the missing profile in the `extension` member of the | ||
|
|
||
| `missing` object, with the `alternatives` key provided if the client could've | ||
| used other profiles instead to satisfy the server's requirements. | ||
|
|
||
| ### <a href="#profiles-authoring" id="profiles-authoring" class="headerlink"></a> Authoring Profiles | ||
|
|
||
| A profile **MAY** assign meaning to elements of the document structure whose use | ||
|
|
@@ -2371,6 +2393,23 @@ An error object **MAY** have the following members: | |
| exists; if it doesn't, the client **SHOULD** simply ignore the pointer. | ||
| * `parameter`: a string indicating which URI query parameter caused | ||
| the error. | ||
| * <a id="error-objects-source-missing"></a>`missing`: an object indicating | ||
| that the error was caused by a missing profile, JSON object key (or array | ||
| index), or URI query parameter. If present, this object **MUST** contain | ||
|
There was a problem hiding this comment. I can't think of a use case for the missing array index. What am I missing? There was a problem hiding this comment. E.g., a profile that takes data in an There was a problem hiding this comment. The coordinate example helps, thanks! But I thought profiles only could add elements to the document structure (per I'm probably still missing something, sorry. There was a problem hiding this comment.
It's both. I.e., the value is invalid because a key (index 2) is missing. In other words, if a client client sends: then the server's error object would ideally contain In theory, you never need |
||
| exactly one of the following keys: | ||
| * `extension`: the URI of a missing profile. This key **SHOULD** be | ||
|
|
||
| used with the `pointer` member to indicate which value in the request | ||
| document is missing the profile. | ||
| * `key`: the name of a missing key in a JSON object, or a missing index in | ||
| a JSON array, expressed as a string. This key **SHOULD** be used with | ||
| the `pointer` member to indicate which object/array in the request | ||
| document is missing the key. | ||
|
Comment on lines
+2403
to
+2406
There was a problem hiding this comment. Even if server-required profiles doesn't make it into 1.1, I think this is a worthwhile addition, paired with the language added in e75cec1 to clarify that the pointer must reference an element in the original request. In the case of a missing key, this should be paired with some other data point (e.g., this element) to tell the client exactly which data was missing. |
||
| * `parameter`: the name of a missing URI query parameter. | ||
|
|
||
| This object **MAY** also contain an `alternatives` key, whose value is an | ||
| array listing alternate profile URIs, key names, or query parameter names | ||
| (depending on which type of value is missing) that can be added to resolve | ||
| this error. | ||
| * `meta`: a [meta object][meta] containing non-standard meta-information about the | ||
| error. | ||
|
|
||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a very important sentence for understanding how profiles are meant to be implemented for maximum interoperability! I'm glad we're adding it after all :)