We had a discussion recently and decided to use a separate base path. One
of the reasons is that if we have any major changes and decide to increase
the version number of oauth2, it affects the /userinfo API as well.

Therefore proposed base path is /api/auth/oidc/v1.0/userinfo.

Thank you!

On Thu, Mar 29, 2018 at 2:25 PM, Johann Nallathamby <joh...@wso2.com> wrote:

> The concept of a user information endpoint was there from pre-OpenID
> Connect times as well. Facebook did this even before OIDC became a
> standard.
>
> However, if we are doing this fresh I would also prefer if we define a
> separate base path for /userinfo to keep things clean and clear.
>
> Regards,
> Johann.
>
> On Thu, Mar 29, 2018 at 1:30 PM, Sanjeewa Malalgoda <sanje...@wso2.com>
> wrote:
>
>> As I can see, some of the other solutions listed user info under oauth2.
>> And I do not see an issue with that, as usually the user info API responds to
>> requests with an OAuth token and returns user info.
>> When we obtain an access token we can pass the openID scope and later get user
>> information using the same token from the user info API. So as I see it, they are
>> linked internally somehow with the current implementation.
>> Maybe that is why we used this path.
>>
>> Thanks,
>> sanjeewa.
>>
>> On Thu, Mar 29, 2018 at 10:59 AM, Uvindra Dias Jayasinha <
>> uvin...@wso2.com> wrote:
>>
>>> +Sagara, Johann
>>>
>>>
>>> On 29 March 2018 at 10:57, Uvindra Dias Jayasinha <uvin...@wso2.com>
>>> wrote:
>>>
>>>> I'm in favour of having userinfo separate from the default oauth2
>>>> service since it's a different concern altogether. I'm not sure of the reason
>>>> why the IS team originally included userinfo as part of their oauth
>>>> service.
>>>>
>>>> So +1 for option 2
>>>>
>>>>
>>>>
>>>> On 28 March 2018 at 12:46, Pubudu Gunatilaka <pubu...@wso2.com> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> The userinfo endpoint comes under OpenID Connect. Basically, OpenID is
>>>>> about authentication and OAuth is about authorization. Currently, we have
>>>>> the /userinfo endpoint under oauth2 [1].
>>>>>
>>>>> *Available Options:*
>>>>>
>>>>> 1. Use /userinfo endpoint under oauth2.
>>>>>
>>>>>     In APIM v3 Key Manager, base path for oauth2 is
>>>>> /api/auth/oauth2/v1.0. By adding this resource, we are allowing OAuth2
>>>>> endpoint for authentication and authorization.
>>>>>
>>>>> 2. Introduce a new base path for the /userinfo endpoint as it comes under
>>>>> OpenID Connect. The OAuth2 spec does not describe the userinfo endpoint.
>>>>>
>>>>>     Suggestions:
>>>>>     /api/auth/connect/v1.0/userinfo
>>>>>
>>>>> Appreciate your thoughts.
>>>>>
>>>>> [1] - https://docs.wso2.com/display/IS450/OpenID+Connect+Basic+Client+Profile+with+WSO2+Identity+Server
>>>>>
>>>>> Thank you!
>>>>> --
>>>>> *Pubudu Gunatilaka*
>>>>> Committer and PMC Member - Apache Stratos
>>>>> Senior Software Engineer
>>>>> WSO2, Inc.: http://wso2.com
>>>>> mobile : +94774078049
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Regards,
>>>> Uvindra
>>>>
>>>> Mobile: 777733962
>>>>
>>>
>>>
>>>
>>> --
>>> Regards,
>>> Uvindra
>>>
>>> Mobile: 777733962
>>>
>>
>>
>>
>> --
>>
>> *Sanjeewa Malalgoda*
>> WSO2 Inc.
>> Mobile : +94713068779
>>
>> blog: http://sanjeewamalalgoda.blogspot.com/
>>
>>
>>
>
>
> --
>
> *Johann Dilantha Nallathamby*
> Senior Lead Solutions Engineer
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile: *+94 77 7776950*
> LinkedIn: *http://www.linkedin.com/in/johann-nallathamby*
> Medium: *https://medium.com/@johann_nallathamby*
> Twitter: *@dj_nallaa*
>



-- 
*Pubudu Gunatilaka*
Committer and PMC Member - Apache Stratos
Senior Software Engineer
WSO2, Inc.: http://wso2.com
mobile : +94774078049
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
