John Teeter

making sure read-only transactions are the default across the board and that non-read-only are specifically initiated when needed. (with focus on the controller/service/repository layers).

multiple retailCustomers are assigned the same access_token

11

Start with a clean system. Sign in to the third party and authorize allan access to the first data custodian using the first scopestring. sign out of the third party....

The authorizationPeriod and publishedPeriod must: 1) be supported correctly in the authorization class -> they be initialized from values obtained from the scope string(s). 2) must also be used properly...

The initial values of the authorization period and published period need to be extracted from the scope string at the time of access authorization.

The RetailCustomerController.java (in the datacustodian.web.package) contains the patterns: DATA_CUSTODIAN_RETAIL_CUSTOMER_INDEX DATA_CUSTODIAN_RETAIL_CUSTOMER_FORM DATA_CUSTODIAN_RETAIL_CUSTOMER_CREATE DATA_CUSTODIAN_RETAIL_CUSTOMER_SHOW These controllers provide the basis for RetailCustomer(Account) management.

JavaDoc Documentation

1

Drive the DataCustodian .war file documentation. Focus on: 1 - Controllers 2 - Restful API - (As defined in API documentation) 3 - UX flow

Using:

To be able to remove an applicationInformation and all of it's associated authorizations (ref: RFC 7009)

A way for either the third party or the data custodian to revoke an authorization. (ref: RFC 7009)

There is a need to have individual sandbox's supported