+1. SCIM endpoint supports Basic Auth and OAuth for security through a handler interface defined specifically for SCIM. When implementing DCR (Dynamic client registration) specification this same need occurred. If the the security handlers defined inside SCIM(which serve for a generic purpose) can be placed in a seperate more generic package, that can be reused in occasionas like this.
[1] - https://github.com/wso2/carbon-identity/tree/master/components/scim/org.wso2.carbon.identity.scim.provider/src/main/java/org/wso2/carbon/identity/scim/provider/auth Thanks, Pushpalanka. -- Pushpalanka Jayawardhana, B.Sc.Eng.(Hons). Senior Software Engineer, WSO2 Lanka (pvt) Ltd; wso2.com/ Mobile: +94779716248 Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka On Mon, Feb 22, 2016 at 1:42 PM, Johann Nallathamby <joh...@wso2.com> wrote: > +1. > > Also these set of authenticators should be used to secure any REST > endpoint that we expose, not only OAuth2. WDYT? E.g. in SCIM endpoint the > authentication is baked into the SCIM code, although it has a concept of > handlers. I think all these restful authentication mechanisms must unify > and come under a single framework. > > > On Mon, Feb 22, 2016 at 11:24 AM, Prabath Siriwardana <prab...@wso2.com> > wrote: > >> At the moment we are coupled into HTTP basic authentication >> with client_id/client_secret , which is not right.. >> >> Can we decouple this from the token endpoint..? And we should able to >> develop these authenticators as independent connectors.. >> >> WDYT...? >> >> -- >> Thanks & Regards, >> Prabath >> >> Twitter : @prabath >> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena >> >> Mobile : +1 650 625 7950 >> >> http://blog.facilelogin.com >> http://blog.api-security.org >> > > > > -- > Thanks & Regards, > > *Johann Dilantha Nallathamby* > Technical Lead & Product Lead of WSO2 Identity Server > Governance Technologies Team > WSO2, Inc. > lean.enterprise.middleware > > Mobile - *+94777776950* > Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* > > _______________________________________________ > Architecture mailing list > Architecture@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > >
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
