After we receive the authorization code, the browser cannot get the token
alone. It needs to have client keys, secrets, scopes etc. So from the 8th step
onward, token retrieval needs to be handled from the publisher/store side. Then
the app needs to obtain the token and direct the user to a new page. Also, as I
remember, by the time we get the authorization code we need to show scopes and
get user consent for scopes.

Thanks,
sanjeewa.

On Mon, May 22, 2017 at 10:38 AM, Naduni Pamudika <nad...@wso2.com> wrote:

> Hi All,
>
> In API Manager, currently we have basic authentication. In order to move
> it into Single Sign On (SSO) for API Manager 3.0 (for Publisher and Store
> logins), it was agreed in [1] to use OpenID Connect (OIDC) with
> authorization code grant type.
>
> Following diagram explains the flow of the SSO feature for Publisher/Store
> Login.
>
>
> Appreciate your feedback and suggestions on the approach.
>
> [1] Mail Subject - "[Architecture] [APIM] [C5] Single sign on support in
> API Manager 3.0"
>
> Thank you.
> Naduni
> --
> *Naduni Pamudika*
> Software Engineer
>
> WSO2 Inc: http://wso2.com
> Email: nad...@wso2.com
> Mobile: 0719143658
>



-- 

*Sanjeewa Malalgoda*
WSO2 Inc.
Mobile : +94713068779

blog: http://sanjeewamalalgoda.blogspot.com/
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
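
The server-side code exchange discussed in the reply at the top of this thread, as an added example that is not part of the original mails or of WSO2's code: the back end checks the `state` value bound to the user's session, then builds the token request with its own client credentials, so the secret never reaches the browser. The endpoint URLs, client id, client secret and the `session` dict are constructed placeholders.

```python
import base64
import hmac
import secrets
from urllib.parse import urlencode

# Constructed client registration; every value here is a placeholder.
CLIENT_ID = "publisher-app"
CLIENT_SECRET = "example-secret"  # held only by the back end
REDIRECT_URI = "https://apim.example/publisher/callback"
AUTHORIZE_ENDPOINT = "https://idp.example/oauth2/authorize"
TOKEN_ENDPOINT = "https://idp.example/oauth2/token"


def begin_login(session):
    """Bind a random state value to the session and return the redirect URL."""
    session["oidc_state"] = secrets.token_urlsafe(32)
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "state": session["oidc_state"],
    })
    return AUTHORIZE_ENDPOINT + "?" + query


def build_token_request(session, callback_params):
    """Validate the IdP callback; return (url, headers, body) for the token POST."""
    expected = session.pop("oidc_state", None)  # state is single use
    received = callback_params.get("state", "")
    if expected is None or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: callback not bound to this session")
    if "error" in callback_params or "code" not in callback_params:
        raise ValueError("authorization failed or consent was denied")
    # Client authentication with HTTP Basic, performed server side only.
    basic = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    headers = {
        "Authorization": "Basic " + basic,
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({
        "grant_type": "authorization_code",
        "code": callback_params["code"],
        "redirect_uri": REDIRECT_URI,  # must match the authorization request
    })
    return TOKEN_ENDPOINT, headers, body
```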
