On Mon, Mar 9, 2015 at 9:20 PM, Amila De Silva <[email protected]> wrote:
>
> On Mon, Mar 9, 2015 at 7:43 PM, Nuwan Dias <[email protected]> wrote:
>
>> Hi Amila,
>>
>> Embedding a token will not work. We need to handle token expiration and
>> refresh when necessary. Therefore we need consumer key/secret pair.
>>
> Understood.
>
> Since we are only storing Consumer Key/Secret, are we mandating a
> particular grant type (client credentials)?
>
Yes, that's the idea.

>
>> Thanks,
>> NuwanD.
>>
>> On Fri, Mar 6, 2015 at 8:23 PM, Amila De Silva <[email protected]> wrote:
>>
>>> Hi Madusanka,
>>>
>>> I think it's better to provide an option to store an Access Token
>>> Obtained from an Authorization Server.
>>> From what I understood, in this scenario, the API acts as a client and
>>> the token generated or provided is only another form of credential used to
>>> access the backend. If this is the case, is it correct to put this under
>>> the OAuth Mediator? The OAuth Mediator seems to be validating the Token before
>>> sending it to the backend, but here what we need is a way of embedding a
>>> token.
>>>
>>> On Thu, Feb 12, 2015 at 11:25 AM, Madusanka Premaratne <
>>> [email protected]> wrote:
>>>
>>>> Hi,
>>>> We need to add a property to the messageContext to store the access
>>>> token. Planning to use the property name as *oauth.accessToken*.
>>>> The OAuth Mediator configuration changes are as below.
>>>>
>>>> Current OAuth configurations for the token verification,
>>>> <oauthService
>>>>     remoteServiceUrl="https://10.100.5.179:9444/services/"
>>>>     username="user"
>>>>     password="user"/>
>>>>
>>>> The new configuration for both token generation and validation. Newly
>>>> added ones are bolded to identify easily.
>>>> <oauthService
>>>>     *mode="tokenGenerate"*
>>>>     remoteServiceUrl="https://10.100.5.179:9444/services/"
>>>>     username="user"
>>>>     password="user">
>>>>     *<tokenServer /><consumerKey /><consumerSecret />*
>>>> </oauthService>
>>>>
>>>> Thanks,
>>>>
>>>> On Thu, Feb 12, 2015 at 10:23 AM, Nuwan Dias <[email protected]> wrote:
>>>>
>>>>> Hi Madusanka,
>>>>>
>>>>> Shall we come up with the OAuth mediator configuration changes
>>>>> (additions) we'll be coming up with to support this feature?
>>>>>
>>>>> Thanks,
>>>>> NuwanD.
>>>>>
>>>>> On Wed, Feb 11, 2015 at 4:44 PM, Madusanka Premaratne <
>>>>> [email protected]> wrote:
>>>>>
>>>>>> Hi All,
>>>>>> In API Manager, we only support secure endpoints through basic auth.
>>>>>> To improve it to use OAuth, we are going to use ESB OAuth Mediator. But
>>>>>> currently the above mediator only validates the keys and the consumer.
>>>>>>
>>>>>> Improvement:
>>>>>>
>>>>>> - Feed client key, secret and *token endpoint* to the mediator
>>>>>>   from the UI.
>>>>>> - Generate a token for the consumer and store it to use with API
>>>>>>   Manager (or any other product)
>>>>>> - Store the lifetime / remaining time of the token
>>>>>> - If token expires, generate a token automatically and store it
>>>>>>   for future use
>>>>>>
>>>>>> Please see the attachment below for graphical representation[1]
>>>>>>
>>>>>> [1] -
>>>>>> https://drive.google.com/a/wso2.com/file/d/0B6h6rqrZ11fFQWZ5UkJXZ1JZX2c/view?usp=sharing
>>>>>>
>>>>>> Your feedback and suggestions are welcome.
>>>>>> Thanks,
>>>>>>
>>>>>> --
>>>>>> *Madusanka Premaratne* | Associate Software Engineer
>>>>>> WSO2, Inc | lean. enterprise. middleware.
>>>>>> #20, Palm Grove, Colombo 03, Sri Lanka
>>>>>> Mobile: +94 71 835 70 73 | Work: +94 112 145 345
>>>>>> Email: [email protected] | Web: www.wso2.com
>>>>>>
>>>>>
>>>>> --
>>>>> Nuwan Dias
>>>>>
>>>>> Associate Tech Lead - WSO2, Inc. http://wso2.com
>>>>> email : [email protected]
>>>>> Phone : +94 777 775 729
>>>>>
>>>>
>>>> --
>>>> *Madusanka Premaratne* | Associate Software Engineer
>>>> WSO2, Inc | lean. enterprise. middleware.
>>>> #20, Palm Grove, Colombo 03, Sri Lanka
>>>> Mobile: +94 71 835 70 73 | Work: +94 112 145 345
>>>> Email: [email protected] | Web: www.wso2.com
>>>>
>>>> _______________________________________________
>>>> Architecture mailing list
>>>> [email protected]
>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>
>>>
>>> --
>>> *Amila De Silva*
>>>
>>> WSO2 Inc.
>>> mobile :(+94) 775119302
>>>
>>
>> --
>> Nuwan Dias
>>
>> Associate Tech Lead - WSO2, Inc. http://wso2.com
>> email : [email protected]
>> Phone : +94 777 775 729
>>
>
> --
> *Amila De Silva*
>
> WSO2 Inc.
> mobile :(+94) 775119302
>

--
Nuwan Dias

Associate Tech Lead - WSO2, Inc. http://wso2.com
email : [email protected]
Phone : +94 777 775 729
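
The behaviour discussed in this thread (keep only the consumer key/secret, obtain the token with the client credentials grant, store its lifetime, regenerate it on expiry), as an added example that is not part of the original thread and is not WSO2's mediator code. `TokenCache`, `FakeTokenServer`, the injected `post` and `clock` callables, the 30-second skew and the `sts.example.invalid` URL are assumptions made for illustration; only the `oauth.accessToken` property name comes from the thread.

```python
import base64, json
from urllib.parse import parse_qs, quote_plus, urlencode

class TokenCache:  # hypothetical name, not a WSO2 class
    """Holds one access token and regenerates it shortly before it expires."""
    def __init__(self, token_endpoint, consumer_key, consumer_secret, post, clock, skew=30):
        self.token_endpoint, self._post, self._clock, self._skew = token_endpoint, post, clock, skew
        pair = f"{quote_plus(consumer_key)}:{quote_plus(consumer_secret)}"
        self._basic = base64.b64encode(pair.encode()).decode()
        self._token, self._expires_at = None, 0.0

    def _generate(self):
        # Client credentials grant (RFC 6749, section 4.4): the client
        # authenticates with its own key/secret, no user is involved.
        headers = {"Authorization": "Basic " + self._basic,
                   "Content-Type": "application/x-www-form-urlencoded"}
        body = urlencode({"grant_type": "client_credentials"})
        status, text = self._post(self.token_endpoint, headers, body)
        if status != 200:
            raise RuntimeError(f"token endpoint returned HTTP {status}")
        doc = json.loads(text)
        self._token = doc["access_token"]
        self._expires_at = self._clock() + int(doc["expires_in"])  # stored lifetime

    def get_token(self):
        # Regenerate `skew` seconds early so the backend never sees an expired token.
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            self._generate()
        return self._token

    def apply(self, message_context):
        # Property name proposed in the thread.
        message_context["oauth.accessToken"] = self.get_token()
        return message_context

class FakeTokenServer:
    """Constructed stand-in for the token endpoint so the example runs offline."""
    def __init__(self):
        self.issued, self.last_headers = 0, None

    def post(self, url, headers, body):
        if parse_qs(body).get("grant_type") != ["client_credentials"]:
            return 400, json.dumps({"error": "unsupported_grant_type"})
        self.issued, self.last_headers = self.issued + 1, headers
        return 200, json.dumps({"access_token": f"tok-{self.issued}", "expires_in": 3600})

def demo():
    now, server = [1000.0], FakeTokenServer()
    cache = TokenCache("https://sts.example.invalid/token", "key", "secret", server.post, lambda: now[0])
    seen = [cache.apply({})["oauth.accessToken"]]
    for elapsed in (1800, 1780):  # half the lifetime left, then only 20 s left
        now[0] += elapsed
        seen.append(cache.get_token())
    return seen, server.issued
```

The second call reuses the cached token; the third falls inside the skew window and triggers a new request, which an embedded static token could not do.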
