Hi,

Currently, the authentication handlers of the Stratos REST API check whether the user is valid. If the user is valid, the API call is allowed to proceed, but no user information is set in the carbon context. This is OK since CC and AS services are not secured services. The issue occurs when a component tries to call an admin service. In order to call an admin service, a username/password or a session is required.

For example, AS needs to call IS admin services in order to create a token. The normal way of calling an admin service is to first obtain a session by calling the AuthenticationAdmin admin service with a username and password, then use the obtained token for subsequent admin calls. However, at the time the API call hits the carbon components, no user information is included. Currently, as an alternative, I added a JWT authenticator, which authenticates every admin call. I think authenticating each admin call using the JWT authenticator is an overhead since it consists of encrypting messages.

Possible solutions that came to my mind:

1) Add OAuth to the Stratos API too.

2) The user gets a session the first time and uses it for subsequent calls. There are two sessions: one is between the user and the Stratos web app, the second is between the web app and Carbon. When a user first calls the /login API with username/password, it calls AuthenticationAdmin and gets a session, which is sent back to the client, who uses it for subsequent calls. Currently the /session endpoint does a similar thing; however, it returns a session in the web app, not from Carbon.

3) Stratos authentication handlers call the Carbon authentication handlers directly. I am not very clear about the workflow; however, rather than duplicating the authentication handlers in the Stratos web app, it may be better to call the Carbon authentication handlers.

What are the best practices in this kind of scenario? I would like to see some responses.

[1] http://nuwanwimalasekara.blogspot.com/2013/02/invoking-wso2-carbon-admin-services.html

--
Udara Liyanage
Software Engineer
WSO2, Inc.: http://wso2.com
lean. enterprise. middleware
web: http://udaraliyanage.wordpress.com
phone: +94 71 443 6897
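The session flow sketched in option 2, as an added Python example that is not part of this thread or of the Stratos/Carbon code base: it builds the AuthenticationAdmin login request, accepts the Carbon session only when the login result is true, and reuses the JSESSIONID on later admin calls. The service namespace, the `login` parameters and the `<return>true</return>` reply shape are assumed from the Carbon AuthenticationAdmin WSDL, and the server reply is constructed so the code runs offline.

```python
import re
from xml.sax.saxutils import escape

# Assumed namespace of Carbon's AuthenticationAdmin service; verify against your server's WSDL.
AUTH_NS = "http://authentication.services.core.carbon.wso2.org"

def build_login_envelope(username, password, remote_address):
    """SOAP 1.1 request for AuthenticationAdmin.login. Every caller-supplied value is
    XML-escaped so a crafted username cannot inject extra elements into the body."""
    return (
        '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" '
        f'xmlns:aut="{AUTH_NS}"><soapenv:Header/><soapenv:Body><aut:login>'
        f'<aut:username>{escape(username)}</aut:username>'
        f'<aut:password>{escape(password)}</aut:password>'
        f'<aut:remoteAddress>{escape(remote_address)}</aut:remoteAddress>'
        '</aut:login></soapenv:Body></soapenv:Envelope>'
    )

def parse_login_response(status, headers, body):
    """Return the Carbon session id, or None unless the reply is 200 AND the login
    result is true AND a JSESSIONID cookie is present (a cookie alone is not proof)."""
    if status != 200 or not re.search(r"<(?:\w+:)?return>\s*true\s*</", body):
        return None
    for name, value in headers:
        m = re.match(r"JSESSIONID=([^;]+)", value)
        if name.lower() == "set-cookie" and m:
            return m.group(1)
    return None

def session_headers(session_id):
    """Headers a later admin-service call carries instead of username/password."""
    return {"Cookie": f"JSESSIONID={session_id}",
            "Content-Type": "text/xml; charset=utf-8"}

# Constructed sample reply standing in for the real server, so the flow runs offline.
SAMPLE_HEADERS = [("Content-Type", "text/xml; charset=utf-8"),
                  ("Set-Cookie", "JSESSIONID=C0NSTRUCTED123; Path=/; Secure; HttpOnly")]
SAMPLE_OK = ('<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
             f'<soapenv:Body><ns:loginResponse xmlns:ns="{AUTH_NS}"><ns:return>true</ns:return>'
             '</ns:loginResponse></soapenv:Body></soapenv:Envelope>')
SAMPLE_DENIED = SAMPLE_OK.replace("true", "false")

def login_flow(status=200, headers=SAMPLE_HEADERS, body=SAMPLE_OK):
    """One /login round trip: returns the headers to reuse, or None if login failed."""
    sid = parse_login_response(status, headers, body)
    return session_headers(sid) if sid else None

if __name__ == "__main__":
    print(build_login_envelope("admin", "p&ss<word>", "127.0.0.1"))
    print(login_flow())
```

The web app should treat the returned JSESSIONID as a credential: keep it server-side or hand it to the browser only with Secure and HttpOnly set, as the constructed reply does.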