what should an API descriptor describe?
* API documentation / explorer
* have the docs updated automatically
* describe services/operations/payloads/errors/examples
almost all of the APIs are described using OpenAPI standard format, which can be in turn used to generate a swagger UI to display the APIs in human readable format
OpenAM 14.0.0 will include an API explorer that describes the 90% of the RESTful APIs
the standard based endpoints (oauth2, uma) aren't described because the specs are much more detailed.
In OpenAM the json/authenticate endpoint isn't described currently, because it isn't describing a state transition.
Note: everything that is possible to do using the XUI admin console is possible to do with our REST APIs as well
how to add extra endpoints?
implement custom RestRouteProvider that can add new endpoints to OpenAM's REST router. The impl needs to have a serviceloader files. You also have full access to the Gui ce modules and injections.
how to evaluate policies as an admin on behalf of an end-user (without knowing the end-user's session ID)?
most likely JwtSubjects could be used for these purposes.
The API Descriptor can be also used to generate code to use our APIs.
AMster is going to be our new command line utility that is based on our REST SDK (which is generated using the API descriptor).
AMster will have features for both installing and configuring an OpenAM instance.
The export functionality will allow end-users to track their configuration in Git repository for example. The export will create a complex directory structure and it will be possible to import subset of the configuration (only folders or specific JSON files)