Hi Vijitha!

Yes, you are right! The issue is that we have to pass the username, pwd,
client id, client secret, access endpoint and authorize endpoint with the
HTTP header of the REST calls.

That is why I said that if we can somehow generate the access token so that
it is visible, then we can just pass the access token with the HTTP header.

The way I mentioned before does not display the access token. It is
generated inside the code.

Regards,
Ragu


On Tue, Jan 15, 2013 at 7:55 PM, Vijitha Kumara <viji...@wso2.com> wrote:

>
>
> On Tue, Jan 15, 2013 at 7:27 PM, Sriragu Arudsothy <srir...@wso2.com> wrote:
>
>> Hi!
>>
>> I have found some useful samples. After going through them, I think
>> I can generate the access token using the [client id, secret, username,
>> pwd]. Also, we can validate the access token to proceed or give an error
>> message.
>>
>> After we installed the OAuth feature through the feature manager, we were
>> able to get the client id, secret, access endpoint and authorize endpoint
>> values. But the access token is created by using the above parameters.
>> Therefore we are able to provide an access token.
>>
>>
>
>> If we generated the access token inside the code, how can we expose it to
>> the user then only he/she can use the token to send the REST calls?
>>
>
> In this case the user will be authenticated (with uname/pwd) to the
> registry/provider, so then a token will be returned. Then that token will be
> used afterwards (given the authorizations to access resources for that
> user). So I think we don't need a functionality (API) to expose the token
> here?
>
> Or we can use the token which can be generated by the OAuth feature for
> the REST app for that particular user (in the UI)? This I think is not
> necessary, as the user of the REST API needs to be authenticated to the
> registry/provider anyway?
>
>
>
> Regards,
> Vijitha.
>
>
>>
>>
>> Any ideas ?
>>
>> Thanks!
>> Ragu
>>
>> On Mon, Jan 14, 2013 at 10:51 PM, Sriragu Arudsothy <srir...@wso2.com> wrote:
>>
>>> Yes, of course, please let me know the time/venue.
>>>
>>> Thanks!
>>> Ragu
>>>
>>>
>>> On Mon, Jan 14, 2013 at 10:24 PM, Prabath Siriwardena <prab...@wso2.com> wrote:
>>>
>>>> Hi Ragu,
>>>>
>>>> Shall we chat on this tomorrow...
>>>>
>>>> Thanks & regards,
>>>> -Prabath
>>>>
>>>>
>>>> On Mon, Jan 14, 2013 at 8:34 PM, Sriragu Arudsothy <srir...@wso2.com> wrote:
>>>>
>>>>> Hi!
>>>>>
>>>>> As you said, I have to write a handler that should extract the
>>>>> bearer token which is passed with the HTTP header with the request.
>>>>>
>>>>> The header format will be similar to [Authorization: Bearer
>>>>> wU62DjlyDBnq87GlBwplfqvmAbAa]. "wU62DjlyDBnq87GlBwplfqvmAbAa" is, as
>>>>> the API Manager documentation says, the API key. The API key is
>>>>> generated from the API Manager console when the user subscribes to the
>>>>> specific API. The subscriber panel displays these values.
>>>>>
>>>>> From the API Manager doc: "The generated keys, namely an access
>>>>> token, a consumer key and a consumer secret".
>>>>>
>>>>> My question is: when I make a call from the REST client, what value do I
>>>>> need to pass in the HTTP header with the bearer token? Something like the
>>>>> API key, which uniquely identifies the subscribed APIs: I want to pass
>>>>> some key that uniquely identifies the user and enables him to do CRUD
>>>>> operations on his resources.
>>>>>
>>>>> Please forgive me if I am misunderstanding. If so, let me know the right
>>>>> way!
>>>>>
>>>>> Thanks!
>>>>> Ragu
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Mon, Jan 14, 2013 at 1:56 PM, Prabath Siriwardena <prab...@wso2.com> wrote:
>>>>>
>>>>>>
>>>>>>
>>>>>> On Sun, Jan 13, 2013 at 11:36 PM, Sriragu Arudsothy <srir...@wso2.com> wrote:
>>>>>>
>>>>>>> Hi Senaka!
>>>>>>>
>>>>>>> OAuth 2.0 provides 4 authentication grant types. All four grant
>>>>>>> types require at least the client id/client secret. The
>>>>>>> OAuthTokenValidationService requires either client id/client secret
>>>>>>> or username/pwd with client secret, depending on the OAuth grant
>>>>>>> type. If we are able to pass the access token with REST calls, then
>>>>>>> we are done.
>>>>>>>
>>>>>>
>>>>>> You are acting as the resource server - so you need not worry
>>>>>> about any of the grant types...
>>>>>>
>>>>>> Thanks & regards,
>>>>>> -Prabath
>>>>>>
>>>>>>
>>>>>>>
>>>>>>> 1) I asked the IS guys over chat whether it is possible to generate
>>>>>>> the access token with the username/pwd. They do not have the answer
>>>>>>> for that. They said there may be a way to create an access token
>>>>>>> through the OAuthAdminService. Because in G-Reg, we have users with
>>>>>>> user credentials. We don't have any concept called client ID/client
>>>>>>> secret.
>>>>>>>
>>>>>>> 2) When we make a request from the REST client, we need to pass the
>>>>>>> user credentials with the resource URI. The user is then
>>>>>>> authenticated, and access is carried out or denied. Therefore the
>>>>>>> OAuth access tokens are valid for a short period. Therefore it is
>>>>>>> better to authenticate for each and every request. This is the way I
>>>>>>> am thinking of proceeding, because I am still unclear about the
>>>>>>> authentication using username/pwd with OAuth 2.0.
>>>>>>>
>>>>>>> WDYT?
>>>>>>>
>>>>>>>
>>>>>>> http://blog.facilelogin.com/2012/08/wso2-oauth-20-playground-with-wso2.html
>>>>>>>
>>>>>>> http://blog.facilelogin.com/2012/06/oauth-20-integration-patterns-with.html
>>>>>>>
>>>>>>> The above links explain.
>>>>>>>
>>>>>>> Regards,
>>>>>>> Ragu
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Sun, Jan 13, 2013 at 9:35 PM, Senaka Fernando <sen...@wso2.com> wrote:
>>>>>>>
>>>>>>>> Hi Ragu,
>>>>>>>>
>>>>>>>> While I'm unable to provide the best answer for #2 right away
>>>>>>>> without doing some research into how OAuth 2.0 is implemented in our
>>>>>>>> platform, for #1, you definitely can and must use the component and
>>>>>>>> not IS for the REST API implementation in G-Reg. Also, please
>>>>>>>> validate that the features that you will be using in the process
>>>>>>>> include a minimum number of jars to provide the required OAuth 2.0
>>>>>>>> functionality.
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Senaka.
>>>>>>>>
>>>>>>>> On Sun, Jan 13, 2013 at 8:44 AM, Sriragu Arudsothy <srir...@wso2.com> wrote:
>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> When invoking the REST calls to access the resources or
>>>>>>>>> resource-related properties, the request has to be authenticated
>>>>>>>>> against the user credentials using OAuth 2.0. It is a JAX web app
>>>>>>>>> running on G-Reg. Currently it works without the OAuth mechanism.
>>>>>>>>> I went through, to some extent, how OAuth works on IS.
>>>>>>>>>
>>>>>>>>> 1) Is OAuth a component adaptable to G-Reg, or do I need
>>>>>>>>> to run the IS?
>>>>>>>>>
>>>>>>>>> 2) If OAuth is a separate component, then how can I integrate it
>>>>>>>>> with my problem?
>>>>>>>>>
>>>>>>>>> Your thoughts are welcome on how I need to approach this.
>>>>>>>>>
>>>>>>>>> Thanks!
>>>>>>>>> Sriragu
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Dev mailing list
>>>>>>>>> Dev@wso2.org
>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> <http://wso2con.com/>
>>>>>>>>
>>>>>>>> Senaka Fernando
>>>>>>>> Member - Integration Technologies Management Committee;
>>>>>>>> Technical Lead; WSO2 Inc.; http://wso2.com
>>>>>>>> Member; Apache Software Foundation; http://apache.org
>>>>>>>>
>>>>>>>> E-mail: senaka AT wso2.com
>>>>>>>> P: +1 408 754 7388; ext: 51736; M: +94 77 322 1818
>>>>>>>> Linked-In: http://linkedin.com/in/senakafernando
>>>>>>>>
>>>>>>>> Lean . Enterprise . Middleware
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Thanks & Regards,
>>>>>> Prabath
>>>>>>
>>>>>> Mobile : +94 71 809 6732
>>>>>>
>>>>>> http://blog.facilelogin.com
>>>>>> http://RampartFAQ.com
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>
>
> --
> Vijitha Kumara
> Senior Software Engineer; WSO2, Inc.;  http://wso2.com/
> email: viji...@wso2.com
>
> Lean . Enterprise . Middleware
>
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
