We need to secure recovery APIs and self-registration APIs ( *api/identity/recovery* and *api/identity/user*).
Thanks Isura *Isura Dilhara Karunaratne* Senior Software Engineer | WSO2 Email: is...@wso2.com Mob : +94 772 254 810 Blog : http://isurad.blogspot.com/ On Thu, Oct 20, 2016 at 2:24 AM, Harsha Thirimanna <hars...@wso2.com> wrote: > +1 then. We can intergrate later. > But for DCR , we have to fix that because of specification. > > *Harsha Thirimanna* > Associate Tech Lead | WSO2 > > Email: hars...@wso2.com > Mob: +94715186770 > Blog: http://harshathirimanna.blogspot.com/ > Twitter: http://twitter.com/harshathirimann > Linked-In: linked-in: http://www.linkedin.com/pub/ > harsha-thirimanna/10/ab8/122 > <http://wso2.com/signature> > > On Thu, Oct 20, 2016 at 1:48 PM, Ishara Karunarathna <isha...@wso2.com> > wrote: > >> >> >> On Thu, Oct 20, 2016 at 1:40 PM, Harsha Thirimanna <hars...@wso2.com> >> wrote: >> >>> >>> >>> *Harsha Thirimanna* >>> Associate Tech Lead | WSO2 >>> >>> Email: hars...@wso2.com >>> Mob: +94715186770 >>> Blog: http://harshathirimanna.blogspot.com/ >>> Twitter: http://twitter.com/harshathirimann >>> Linked-In: linked-in: http://www.linkedin.com/pub/ha >>> rsha-thirimanna/10/ab8/122 >>> <http://wso2.com/signature> >>> >>> On Thu, Oct 20, 2016 at 1:39 PM, Harsha Thirimanna <hars...@wso2.com> >>> wrote: >>> >>>> Moving to DEV... >>>> >>>> *Harsha Thirimanna* >>>> Associate Tech Lead | WSO2 >>>> >>>> Email: hars...@wso2.com >>>> Mob: +94715186770 >>>> Blog: http://harshathirimanna.blogspot.com/ >>>> Twitter: http://twitter.com/harshathirimann >>>> Linked-In: linked-in: http://www.linkedin.com/pub/ha >>>> rsha-thirimanna/10/ab8/122 >>>> <http://wso2.com/signature> >>>> >>>> On Thu, Oct 20, 2016 at 12:49 PM, Harsha Thirimanna <hars...@wso2.com> >>>> wrote: >>>> >>> Hi, >> >> At this point I don't think that its good idea to remove already >> available authentication mechanism and use this instead, for secured APIs >> since those may have some logics those apis need. >> >> Instead only check with the REST APIs that need security. >> WDYT ? >> >> -Ishara >> >>> If there any REST API that already secured within itself the feature, >>>>> then we have to remove it and use this. As ex : DCR. in DCR we expect user >>>>> in request payload for now and that APIs are not secured. After apply this >>>>> we can remove the user from request payload and rely on this. And same as >>>>> we may have to check other REST APIs whether those are rely on any other >>>>> secure mechanism. >>>>> >>>>> @Isura, Can you please confirm in identity management REST API like >>>>> inforecovery ? >>>>> >>>>> @Ayesha, >>>>> Ishara already test the DCR and you can fix that removing user in >>>>> payload, apply this and test. >>>>> >>>>> *Harsha Thirimanna* >>>>> Associate Tech Lead | WSO2 >>>>> >>>>> Email: hars...@wso2.com >>>>> Mob: +94715186770 >>>>> Blog: http://harshathirimanna.blogspot.com/ >>>>> Twitter: http://twitter.com/harshathirimann >>>>> Linked-In: linked-in: http://www.linkedin.com/pub/ha >>>>> rsha-thirimanna/10/ab8/122 >>>>> <http://wso2.com/signature> >>>>> >>>>> On Thu, Oct 20, 2016 at 12:34 PM, Ishara Karunarathna < >>>>> isha...@wso2.com> wrote: >>>>> >>>>>> Hi Ayesha, >>>>>> >>>>>> This feature provide a authentication layer in front of any unsecured >>>>>> REST APIs. So do we need to test this with all the REST APIs ? >>>>>> >>>>>> -Ishara >>>>>> >>>>>> >>>>>> On Thu, Oct 20, 2016 at 12:05 PM, Ayesha Dissanayaka <aye...@wso2.com >>>>>> > wrote: >>>>>> >>>>>>> Hi all, >>>>>>> >>>>>>> I have started testing the"Generic Authentication Mechanism to all >>>>>>> the REST APIs" feature [1] in IS-5.3.0. >>>>>>> Please mention details on REST APIs in IS services which needs to be >>>>>>> secured, so that I can test those APIs with this feature. >>>>>>> >>>>>>> [1] https://wso2.org/jira/browse/IDENTITY-4742 >>>>>>> >>>>>>> Thanks! >>>>>>> -Ayesha >>>>>>> >>>>>>> -- >>>>>>> *Ayesha Dissanayaka* >>>>>>> Software Engineer, >>>>>>> WSO2, Inc : http://wso2.com >>>>>>> <http://www.google.com/url?q=http%3A%2F%2Fwso2.com&sa=D&sntz=1&usg=AFQjCNEZvyc0uMD1HhBaEGCBxs6e9fBObg> >>>>>>> 20, Palmgrove Avenue, Colombo 3 >>>>>>> E-Mail: aye...@wso2.com <ayshsa...@gmail.com> >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Ishara Karunarathna >>>>>> Associate Technical Lead >>>>>> WSO2 Inc. - lean . enterprise . middleware | wso2.com >>>>>> >>>>>> email: isha...@wso2.com, blog: isharaaruna.blogspot.com, mobile: >>>>>> +94717996791 >>>>>> >>>>>> >>>>>> >>>>> >>>> >>> >>> _______________________________________________ >>> Dev mailing list >>> Dev@wso2.org >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> >> >> >> -- >> Ishara Karunarathna >> Associate Technical Lead >> WSO2 Inc. - lean . enterprise . middleware | wso2.com >> >> email: isha...@wso2.com, blog: isharaaruna.blogspot.com, mobile: >> +94717996791 >> >> >> > > _______________________________________________ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > >
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev