Hi Roshan,

I think this is an awesome new feature. +1

I see a small security concern with associating an OAuth client only with
the consumer key.  If they use the consumer key, they will then be able to
view the consumer secret.  This could be abused as a way to fetch the
secret key.  Perhaps both consumer key and secret should be necessary when
tying a new app to an existing OAuth client.  Alternately, you could obscure
the secret for apps created like this (but that would require deeper
modification).

Cheers,
Colin Roy-Ehri
Software Engineer
WSO2, Inc. : wso2.com <http://wso2.com/>
Mobile     : 812-219-6517

On Tue, Mar 10, 2015 at 12:59 AM, Roshan Wijesena <ros...@wso2.com> wrote:

> Hi Isabelle,
>
> We could see two possible use cases, as below:
>
> First, let's say a person uses an external authorization server that
> already contains created OAuth clients. Assume that user wants to use
> WSO2 API Manager with that particular authorization server as a key
> manager. In that case, if he/she wants to associate already existing OAuth
> clients with API Manager applications, there should be a way to do it.
>
> Second, there might be a situation where a user wants to create OAuth
> clients in their authorization server manually (for example by using an
> API, such as the Dynamic Client Registration API in OpenID Connect). Then
> later the user logs in to APIM and creates an APIM application, and instead
> of creating a new OAuth client he/she should be able to associate that
> manually created OAuth client with the API Manager application.
>
> Both of the above use cases are more or less the same. The basic idea of
> this feature is that the store user will be given an opportunity to
> associate their manually created OAuth clients with API Manager.
>
> Hi NuwanD,
>
> Yes, if they disable this feature from the config file it will only show
> the 'Generate' button. And these options are available for both production
> and sandbox environments.
>
> Regards
> Roshan.
>
>
> On Mon, Mar 9, 2015 at 7:39 PM, Nuwan Dias <nuw...@wso2.com> wrote:
>
>>
>>
>> On Mon, Mar 9, 2015 at 6:21 PM, Isabelle Mauny <isabe...@wso2.com> wrote:
>>
>>> I am not clear who the target user is or what the use case is. Can you
>>> share that please ?
>>>
>>> Isabelle.
>>>
>>>
>>> -------------------------------------------------------------------------------------
>>> *Isabelle Mauny*
>>> VP, Product Management - WSO2, Inc. - http://wso2.com/
>>>
>>>
>>> On Fri, Mar 6, 2015 at 5:08 PM, Roshan Wijesena <ros...@wso2.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> When providing the capability to plug in an External Authorization
>>>> Server for managing tokens and clients, a need may also arise to associate
>>>> already existing OAuth clients with Applications created in API Manager.
>>>>
>>>> We are working on a solution to cater for the above requirement. When users
>>>> log in to the store and navigate to the subscription page, they can decide
>>>> whether they want an entirely new OAuth client or to associate an existing
>>>> OAuth client with the Application on the APIM side. Users can associate an
>>>> existing OAuth app by enabling a check box. If they check the option, they
>>>> will be given a text box to enter the consumer key of the OAuth client.
>>>> Once users click on the generate button we will create a new mapping for that
>>>> consumer key with the API Manager application.
>>>>
>>>> If someone wants to disable this feature completely they can turn it
>>>> off by changing a config setting in the api-manager.xml config file.
>>>>
>>>
>> So if they disable it we will only show the 'Generate' button? Also,
>> these options are enabled for both 'Production' and 'Sandbox' as well
>> right?
>>
>>>
>>>> Regards
>>>> Roshan.
>>>>
>>>> --
>>>> Roshan Wijesena.
>>>> Senior Software Engineer-WSO2 Inc.
>>>> Mobile: +94719154640
>>>> Email: ros...@wso2.com
>>>> WSO2, Inc. : wso2.com <http://wso2.com/>
>>>> lean.enterprise.middleware.
>>>>
>>>> _______________________________________________
>>>> Architecture mailing list
>>>> Architecture@wso2.org
>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>> --
>> Nuwan Dias
>>
>> Associate Tech Lead - WSO2, Inc. http://wso2.com
>> email : nuw...@wso2.com
>> Phone : +94 777 775 729
>>
>>
>>
>
>
> --
> Roshan Wijesena.
> Senior Software Engineer-WSO2 Inc.
> Mobile: +94719154640
> Email: ros...@wso2.com
> WSO2, Inc. : wso2.com <http://wso2.com/>
> lean.enterprise.middleware.
>
>
>
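As an added example that is not part of this thread and not WSO2 API Manager code, the sketch below puts the proposed key-only association beside the key-plus-secret check Colin suggests. It models the store, the external authorization server's client registry and the application mapping in Python; the registry layout, the function names, the masking rule and the use of "PRODUCTION"/"SANDBOX" as mapping slots are all assumptions made for illustration.

```python
"""Added example, not code from WSO2 API Manager or from anyone in this
thread.  It models the association flow discussed above and the concern
raised about it: if the store only asks for the consumer key, anyone who
knows (or guesses) a key can map that OAuth client to their own APIM
application and read the consumer secret back.  The hardened variant
requires key AND secret, has the authorization server confirm the pair,
and masks the secret in the view it returns.

Everything here is an assumption for illustration: the registry layout,
the function names, the masking rule and the "PRODUCTION"/"SANDBOX" key
types used as mapping slots.
"""
import hmac
from dataclasses import dataclass, field

KEY_TYPES = ("PRODUCTION", "SANDBOX")  # the two environments mentioned in the thread


@dataclass
class ApimApplication:
    """Assumed shape of an API Manager store application."""
    name: str
    owner: str
    mappings: dict = field(default_factory=dict)  # key type -> consumer key


class AuthServerRegistry:
    """Constructed stand-in for the external authorization server's client
    store.  Secrets are kept in clear here only because the store in the
    proposal is able to display them; a real server would hash them."""

    def __init__(self):
        self._secrets = {}  # consumer key -> consumer secret

    def register(self, consumer_key: str, consumer_secret: str) -> None:
        self._secrets[consumer_key] = consumer_secret

    def exists(self, consumer_key: str) -> bool:
        return consumer_key in self._secrets

    def secret_for(self, consumer_key: str) -> str:
        return self._secrets[consumer_key]

    def verify(self, consumer_key: str, consumer_secret: str) -> bool:
        """Constant-time check of the supplied pair; unknown keys are
        compared against a same-length dummy so timing does not reveal
        whether the key exists."""
        stored = self._secrets.get(consumer_key, "\x00" * len(consumer_secret))
        matched = hmac.compare_digest(stored.encode(), consumer_secret.encode())
        return matched and consumer_key in self._secrets


def _check_key_type(key_type: str) -> None:
    if key_type not in KEY_TYPES:
        raise ValueError(f"key type must be one of {KEY_TYPES}")


def associate_by_key_only(app, key_type, consumer_key, registry):
    """Flow as proposed: the consumer key alone creates the mapping, and the
    store then renders the client, secret included, to whoever mapped it."""
    _check_key_type(key_type)
    if not registry.exists(consumer_key):
        raise ValueError("unknown consumer key")
    app.mappings[key_type] = consumer_key
    return {"consumer_key": consumer_key,
            "consumer_secret": registry.secret_for(consumer_key)}


def mask_secret(secret: str) -> str:
    """Show only the last four characters, as a store view might."""
    return "*" * max(len(secret) - 4, 0) + secret[-4:]


def associate_with_proof(app, key_type, consumer_key, consumer_secret, registry):
    """Hardened flow: the caller must present the secret as proof of
    possession, the authorization server confirms the pair, and the view
    returned to the store never carries the secret in clear."""
    _check_key_type(key_type)
    if not registry.verify(consumer_key, consumer_secret):
        # one error for unknown key and wrong secret: no key enumeration
        raise PermissionError("consumer key/secret pair rejected")
    app.mappings[key_type] = consumer_key
    return {"consumer_key": consumer_key,
            "consumer_secret": mask_secret(consumer_secret)}


if __name__ == "__main__":
    registry = AuthServerRegistry()
    registry.register("abc123", "s3cr3t-value")  # constructed sample client
    mallory = ApimApplication("mallory-app", "mallory")
    print("key-only flow leaks:",
          associate_by_key_only(mallory, "PRODUCTION", "abc123", registry))
    alice = ApimApplication("alice-app", "alice")
    try:
        associate_with_proof(alice, "PRODUCTION", "abc123", "guess", registry)
    except PermissionError as err:
        print("hardened flow refused:", err)
    print("hardened flow with proof:",
          associate_with_proof(alice, "SANDBOX", "abc123", "s3cr3t-value", registry))
```

The key-only call succeeds for any caller who knows a consumer key and hands back the secret, which is the abuse described in the reply; the proof-of-possession variant refuses the same call, makes no mapping on failure, and is what a "require both key and secret" check would look like in the store.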