Hi Danushka,
Other than the responseType validation *validateAccessDelegation *method does
the OAuth callback handles invocation. OAuth callback handler is an
extension point that can be used to validate the access based on
- AuthenticatedUser
- Consumer Key
- Scopes
- ResponseType
We can register new CallBackHandlers based on the requirements and
configure it in identity.xml file
<OAuthCallbackHandlers>
<OAuthCallbackHandler
Class="org.wso2.carbon.identity.oauth.callback.DefaultCallbackHandler"/>
</OAuthCallbackHandlers>
Thanks
Isura.
On Thu, Nov 2, 2017 at 2:54 PM, Danushka Fernando <[email protected]>
wrote:
> Hi All
> When access token, id token, auth code or open id token is requested, it
> will go through AuthorizationHandlerManager[1] class to authorize the
> client. There are three authorization steps [2].
>
> 1. First check is isAuthorized check. Here it checks whether its
> requesting a token or a code and according to that it will check implicit
> or code grant types are allowed for the application and returns true of
> false.[3]
> 2. Second check is validateAccessDelegation check. Here also it checks
> the request type and will check allowance of implicit or code grant types
> and returns true or false.[4]
> 3. Third is scope validation
>
> So according to this analysis both check #1 and #2 are doing the same
> thing and I don't see a way of check #1 getting passed and check #2 getting
> failed. Please correct me if I am wrong.
>
> If this is correct shall we do the necessary adjustment to reduce the
> complexity of the code?
>
>
> [1] https://github.com/wso2-extensions/identity-inbound-
> auth-oauth/blob/master/components/org.wso2.carbon.
> identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/
> AuthorizationHandlerManager.java
> [2] https://github.com/wso2-extensions/identity-inbound-
> auth-oauth/blob/master/components/org.wso2.carbon.
> identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/
> AuthorizationHandlerManager.java#L100-L123
> [3] https://github.com/wso2-extensions/identity-inbound-
> auth-oauth/blob/master/components/org.wso2.carbon.
> identity.oauth/src/main/java/org/wso2/carbon/identity/
> oauth2/authz/handlers/AbstractResponseTypeHandler.java#L128-L165
> [4] https://github.com/wso2-extensions/identity-inbound-
> auth-oauth/blob/master/components/org.wso2.carbon.
> identity.oauth/src/main/java/org/wso2/carbon/identity/
> oauth2/authz/handlers/AbstractResponseTypeHandler.java#L66-L104
>
> Thanks & Regards
> Danushka Fernando
> Associate Tech Lead
> WSO2 inc. http://wso2.com/
> Mobile : +94716332729 <+94%2071%20633%202729>
>
--
*Isura Dilhara Karunaratne*
Associate Technical Lead | WSO2
Email: [email protected]
Mob : +94 772 254 810
Blog : http://isurad.blogspot.com/
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
