Hi Johann,
So if a user is logged in using SAML, is there a way we can call an OAuth2 API
from the front-end JS (via REST) directly without going through a proxy?

On Tue, Feb 3, 2015 at 11:22 PM, Johann Nallathamby <joh...@wso2.com> wrote:

> The discussion is about how to secure APIs, and OAuth2 is the popular
> choice here.
>
> How to do SSO to the web front end is a separate question and OpenID
> Connect can be one possibility. Like others have mentioned in this thread
> above, there can be other ways to login to the web front end, e.g. SAML2
> SSO, username/password, etc. Depending on the login mechanism there are
> other grant types you may be able to use to secure APIs using OAuth2 such
> as SAML2 Bearer, Resource Owner Password, self-issued tokens, etc.
>
> OpenID Connect might be the ideal choice, but right now the limitation we
> have with OpenID Connect is that we don't support the session management
> protocol which is required for single logout.
>
> On Tue, Feb 3, 2015 at 5:18 AM, Manuranga Perera <m...@wso2.com> wrote:
>
>> Hi Johann,
>>
>> As I understand (from Dulanja) we need OpenID Connect [1] to fully
>> integrate with web front-end. So we can keep the token in the front end (in JS)
>> and do the call using REST. Isn't that the way to go?
>>
>> [1] http://openid.net/connect/
>>
>
>
>
> --
> Thanks & Regards,
>
> *Johann Dilantha Nallathamby*
> Associate Technical Lead & Product Lead of WSO2 Identity Server
> Integration Technologies Team
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - *+94777776950*
> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
>



-- 
With regards,
*Manu*ranga Perera.

phone : 071 7 70 20 50
mail : m...@wso2.com
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
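
The SAML2 Bearer grant mentioned in the thread, shown as an added example that is not part of the original e-mails or of WSO2's code: it builds the RFC 7522 token request and the Authorization header for the later REST call. The endpoint URL, scope, function names and the sample assertion are constructed assumptions.

```javascript
// Added example (not from the thread): OAuth2 SAML2 Bearer grant, RFC 7522.
const SAML2_BEARER = "urn:ietf:params:oauth:grant-type:saml2-bearer";

// RFC 7522 wants the assertion base64url-encoded, without "=" padding.
function base64url(text) {
  let bin = "";
  for (const b of new TextEncoder().encode(text)) bin += String.fromCharCode(b);
  const b64 = typeof btoa === "function"
    ? btoa(bin)
    : Buffer.from(bin, "binary").toString("base64");
  return b64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Build the token request. Client authentication is left out here (assumption);
// a client secret must never be shipped inside browser JavaScript.
function buildSaml2BearerRequest(tokenEndpoint, assertionXml, scope) {
  const url = new URL(tokenEndpoint);
  if (url.protocol !== "https:") {
    throw new Error("token endpoint must be https: the assertion is a bearer credential");
  }
  if (!/<(\w+:)?Assertion[\s>]/.test(assertionXml)) {
    throw new Error("input does not look like a SAML 2.0 assertion");
  }
  const form = new URLSearchParams({
    grant_type: SAML2_BEARER,
    assertion: base64url(assertionXml),
  });
  if (scope) form.set("scope", scope);
  return {
    url: url.href,
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: form.toString(),
  };
}

// Turn the token endpoint's JSON response into the header for the REST call.
function bearerHeaderFrom(tokenResponse) {
  const { access_token: token, token_type: type } = tokenResponse || {};
  if (typeof token !== "string" || String(type).toLowerCase() !== "bearer") {
    throw new Error("unexpected token response");
  }
  return { Authorization: "Bearer " + token };
}

// Constructed sample input; a real assertion is signed by the identity provider.
const sampleAssertion = '<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed"/>';
const sampleRequest = buildSaml2BearerRequest("https://idp.example.com/oauth2/token", sampleAssertion, "orders.read");
```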
