Hi All,

We are planning to implement $subject.

In some use cases, it is desirable or necessary to allow OAuth clients to
obtain authorization from an authorization server without the two parties
having previously interacted. Therefore, in order for the authorization
server to accurately represent to end users which client is seeking
authorization to access the end user's resources, a method for automatic
and unique registration of clients is needed. This is where the Dynamic
Client Registration (DCR) protocol comes into play.

The RFC related to this feature can be found in [1].

*Problem*

Currently, we have separate implementations of DCR in products like WSO2 API
Manager and WSO2 Enterprise Mobility Manager, which duplicates the
functionality. Since this feature should ideally reside in the WSO2
Identity Server, we are moving it to the Identity Server code base so that
it is available to the entire WSO2 platform.

*Solution*

We are trying to implement it so that the endpoint for registering and
unregistering an OAuth client will be available through the oauth2 web app
being deployed through the Identity Server.


This feature is implemented as an OSGi service. The endpoint details will
be as follows.


Registering an OAuth 2.0 client application will take place through a POST
request to the registration endpoint. For example, see the following sample
request:

POST oauth2/oauthdcr HTTP/1.1
Content-Type: application/json

{
  "callbackUrl": "www.google.lk",
  "clientName": "MyApp",
  "tokenScope": "Production",
  "owner": "admin",
  "grantType": "password refresh_token",
  "saasApp": true
}

Field descriptions (JSON does not allow inline comments, so they are listed
separately):
- clientName: OAuth application name
- owner: username of the application owner
- grantType: space-separated list of grant types
- saasApp: indicates whether this is a SaaS app or not


Upon successful registration you'll receive a JSON payload including the
client name, client ID, client secret and the callback URL.


Similarly, unregistering an OAuth 2.0 client application will take place
through a DELETE request to the registration endpoint, with the
applicationName, userId (username of the application owner) and
consumerKey passed as query parameters in the request.
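As an added example (not part of the proposal or of any WSO2 code), the
following shows the server-side validation a registration endpoint of this
shape would want to apply to the POST body above, and how the DELETE request
with its three query parameters should be built. The field names come from
the sample request; the requirement that callbackUrl be an absolute https URL,
the grant-type allow list and the treatment of saasApp as optional are
assumptions, not something the proposal specifies.

```python
import json
from urllib.parse import urlsplit, urlencode

# Assumption: a constructed allow list; the server should reject any grant
# type that is not explicitly permitted rather than store it verbatim.
ALLOWED_GRANT_TYPES = {"authorization_code", "implicit", "password",
                       "client_credentials", "refresh_token"}

# Assumption: every field in the sample except saasApp is required.
REQUIRED_FIELDS = ("callbackUrl", "clientName", "tokenScope", "owner", "grantType")


def validate_registration(body: str) -> dict:
    """Parse the JSON body of a POST to oauth2/oauthdcr and return the
    validated fields, raising ValueError on the first problem found."""
    try:
        req = json.loads(body)
    except json.JSONDecodeError as exc:
        raise ValueError(f"malformed JSON: {exc.msg}")
    missing = [f for f in REQUIRED_FIELDS if f not in req]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    url = urlsplit(req["callbackUrl"])
    # Require an absolute https URL with no fragment, so a scheme-less value
    # like the sample's "www.google.lk" or a plain-http redirect target is
    # refused at registration time instead of being accepted as a redirect URI.
    if url.scheme != "https" or not url.netloc or url.fragment:
        raise ValueError("callbackUrl must be an absolute https URL without a fragment")
    grants = req["grantType"].split()          # space-separated per the proposal
    bad = sorted(set(grants) - ALLOWED_GRANT_TYPES)
    if not grants or bad:
        raise ValueError("unsupported grant types: " + ", ".join(bad))
    saas = req.get("saasApp", False)
    if not isinstance(saas, bool):
        raise ValueError("saasApp must be a boolean")
    return {"callbackUrl": req["callbackUrl"], "clientName": req["clientName"],
            "tokenScope": req["tokenScope"], "owner": req["owner"],
            "grantType": grants, "saasApp": saas}


def registration_error(body: str):
    """Return the validation error message for a body, or None if it is valid."""
    try:
        validate_registration(body)
    except ValueError as exc:
        return str(exc)
    return None


def unregister_request(application_name: str, user_id: str, consumer_key: str) -> str:
    """Build the DELETE request line with the three query parameters the
    proposal names. Percent-encoding keeps a value containing '&' or '='
    from being read as an additional parameter."""
    query = urlencode({"applicationName": application_name,
                       "userId": user_id, "consumerKey": consumer_key})
    return f"DELETE oauth2/oauthdcr?{query} HTTP/1.1"
```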

[1] https://tools.ietf.org/html/rfc7591


Tharika Madurapperuma
Intern - Software Engineering
WSO2, Inc.
Mobile : +94777-875-624
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture