Hi All, AFAIU from the current code base following the way we have implemented to handle the OAuth token authentication.
1. We will generate the OAuth token when the instance spawn and pass it through the cartridge payload as launch param(TOKEN) to the cartridge. 2. From the cartridge payload we can get that OAuth token and pass it through the rest request to the metadata service. We have to pass token through "Authorization: Bearer" in the rest call. Please confirm this 3. We are using the "OAuthHandler" to handle the authentication based on the oAuth token.(As per cxf-servlet.xml) 4. Also currently we are still enable the basicAuthenticationFilter(I think we can remove that filter once the token based authentication is verified) Please confirm the above steps as per our implementation. Also please add anything that I have missed here. Thanks, Gayan -- Gayan Gunarathne Technical Lead WSO2 Inc. (http://wso2.com) email : gay...@wso2.com | mobile : +94 766819985