Hi Naduni,

In this flow, user authentication should be done using the ID token (you will
get this with the access token).
And to access the relevant resources you can use the access token, but you need to
send the necessary scopes in the beginning.

And I have the following questions regarding this.

1. How do you configure this with IDPs other than WSO2 Identity Server?
2. How do you handle logout?

-Ishara


On Mon, May 22, 2017 at 11:12 AM, Sanjeewa Malalgoda <sanje...@wso2.com>
wrote:

> After we receive the authorization code, the browser cannot get the token alone. It
> needs to have client keys, secrets, scopes etc. So from the 8th step onward,
> token retrieval needs to be handled from the publisher/store side. Then the app needs
> to obtain the token and direct the user to a new page. Also, as I remember, by the time
> we get the authorization code we need to show scopes and get user consent for
> the scopes.
>
> Thanks,
> sanjeewa.
>
> On Mon, May 22, 2017 at 10:38 AM, Naduni Pamudika <nad...@wso2.com> wrote:
>
>> Hi All,
>>
>> In API Manager, currently we have basic authentication. In order to move
>> it into Single Sign On (SSO) for API Manager 3.0 (for Publisher and Store
>> logins), it was agreed in [1] to use OpenID Connect (OIDC) with
>> authorization code grant type.
>>
>> Following diagram explains the flow of the SSO feature for
>> Publisher/Store Login.
>>
>>
>> Appreciate your feedback and suggestions on the approach.
>>
>> [1] Mail Subject - "[Architecture] [APIM] [C5] Single sign on support in
>> API Manager 3.0"
>>
>> Thank you.
>> Naduni
>> --
>> *Naduni Pamudika*
>> Software Engineer
>>
>> WSO2 Inc: http://wso2.com
>> Email: nad...@wso2.com
>> Mobile: 0719143658
>>
>
>
>
> --
>
> *Sanjeewa Malalgoda*
> WSO2 Inc.
> Mobile: +94713068779
>
> blog: http://sanjeewamalalgoda.blogspot.com/
>
>
>


-- 
Ishara Karunarathna
Associate Technical Lead
WSO2 Inc. - lean . enterprise . middleware |  wso2.com

email: isha...@wso2.com,   blog: isharaaruna.blogspot.com,   mobile:
+94717996791
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
