+1
I will work on refactoring.

On Friday, November 3, 2017, Isura Karunaratne <[email protected]> wrote:
>
> On Thu, Nov 2, 2017 at 9:37 PM Danushka Fernando <[email protected]> wrote:
>>
>> @Isura
>> Thanks for pointing out. But still there is dead code there which will never get triggered, right? Shall we refactor that code?
>
> +1
> @Nuwandi,
> Can you work on this refactoring?
> Thanks
> Isura.
>>
>> Thanks & Regards
>> Danushka Fernando
>> Associate Tech Lead
>> WSO2 inc. http://wso2.com/
>> Mobile : +94716332729
>>
>> On Thu, Nov 2, 2017 at 9:08 PM, Isura Karunaratne <[email protected]> wrote:
>>>
>>> Hi Danushka,
>>> Other than the responseType validation, the validateAccessDelegation method does the OAuth callback handler invocation. OAuth callback handler is an extension point that can be used to validate the access based on
>>>
>>>   * AuthenticatedUser
>>>   * Consumer Key
>>>   * Scopes
>>>   * ResponseType
>>>
>>> We can register new CallBackHandlers based on the requirements and configure it in identity.xml file
>>>
>>>     <OAuthCallbackHandlers>
>>>         <OAuthCallbackHandler Class="org.wso2.carbon.identity.oauth.callback.DefaultCallbackHandler"/>
>>>     </OAuthCallbackHandlers>
>>>
>>> Thanks
>>> Isura.
>>>
>>> On Thu, Nov 2, 2017 at 2:54 PM, Danushka Fernando <[email protected]> wrote:
>>>>
>>>> Hi All
>>>> When access token, id token, auth code or open id token is requested, it will go through AuthorizationHandlerManager [1] class to authorize the client. There are three authorization steps [2].
>>>>
>>>>   1. First check is isAuthorized check. Here it checks whether it's requesting a token or a code and according to that it will check implicit or code grant types are allowed for the application and returns true or false. [3]
>>>>   2. Second check is validateAccessDelegation check. Here also it checks the request type and will check allowance of implicit or code grant types and returns true or false. [4]
>>>>   3. Third is scope validation
>>>>
>>>> So according to this analysis both check #1 and #2 are doing the same thing and I don't see a way of check #1 getting passed and check #2 getting failed. Please correct me if I am wrong.
>>>> If this is correct shall we do the necessary adjustment to reduce the complexity of the code?
>>>>
>>>> [1] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/AuthorizationHandlerManager.java
>>>> [2] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/AuthorizationHandlerManager.java#L100-L123
>>>> [3] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/handlers/AbstractResponseTypeHandler.java#L128-L165
>>>> [4] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/handlers/AbstractResponseTypeHandler.java#L66-L104
>>>>
>>>> Thanks & Regards
>>>> Danushka Fernando
>>>> Associate Tech Lead
>>>> WSO2 inc. http://wso2.com/
>>>> Mobile : +94716332729
>>>
>>>
>>> --
>>> Isura Dilhara Karunaratne
>>> Associate Technical Lead | WSO2
>>> Email: [email protected]
>>> Mob : +94 772 254 810
>>> Blog : http://isurad.blogspot.com/
>>>
>>>
>>
> --
> Isura Dilhara Karunaratne
> Associate Technical Lead | WSO2
> Email: [email protected]
> Mob : +94 772 254 810
> Blog : http://isurad.blogspot.com/
>
>
>

--
Best Regards,
Nuwandi Wickramasinghe
Software Engineer
WSO2 Inc.
Web : http://wso2.com
Mobile : 0719214873
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
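
The three-step flow discussed in this thread, as an added example that is not part of the thread and not WSO2's code: a simplified, self-contained Java model in which every type and method name is a hypothetical stand-in, not the identity-inbound-auth-oauth API. It shows that a grant-type check repeated in step 2 can never fail once step 1 has passed, while a registered callback handler can still deny on user, consumer key, scopes or response type.

```java
import java.util.List;
import java.util.Set;

// Simplified model of the three steps described in the thread (Java 16+ for records).
// All names are hypothetical; this is not the WSO2 API.
public class AuthzPipelineModel {
    record Request(String user, String consumerKey, Set<String> scopes, String responseType) {}
    record App(String consumerKey, Set<String> allowedGrantTypes) {}

    // Extension point: may veto based on user, consumer key, scopes, response type.
    interface CallbackHandler { boolean authorize(Request r); }

    // Response type "code" needs the code grant; anything else is treated as implicit.
    static boolean grantAllowed(Request r, App app) {
        String grant = r.responseType().equals("code") ? "authorization_code" : "implicit";
        return app.allowedGrantTypes().contains(grant);
    }

    static boolean isAuthorized(Request r, App app) { return grantAllowed(r, app); } // step 1

    // Step 2: the grant check repeats step 1; only the handlers add a new decision.
    // Model assumption: every registered handler must approve.
    static boolean validateAccessDelegation(Request r, App app, List<CallbackHandler> handlers) {
        if (!grantAllowed(r, app)) return false; // cannot fail once step 1 has passed
        return handlers.stream().allMatch(h -> h.authorize(r));
    }

    // Step 3, modelled as a subset test against the scopes registered for the app.
    static boolean validateScope(Request r, Set<String> registered) {
        return registered.containsAll(r.scopes());
    }

    static String authorize(Request r, App app, List<CallbackHandler> handlers, Set<String> registered) {
        if (!isAuthorized(r, app)) return "DENY: grant type not allowed (step 1)";
        if (!validateAccessDelegation(r, app, handlers)) return "DENY: callback handler (step 2)";
        if (!validateScope(r, registered)) return "DENY: invalid scope (step 3)";
        return "ALLOW";
    }

    public static void main(String[] args) {
        // Constructed sample data: the app allows only the code grant.
        App app = new App("constructed-client-id", Set.of("authorization_code"));
        Set<String> registered = Set.of("openid", "profile");
        // Constructed handler policy: "admin" may not delegate access to this client.
        List<CallbackHandler> handlers = List.of(r -> !r.user().equals("admin"));
        List<Request> requests = List.of(
            new Request("alice", app.consumerKey(), Set.of("openid"), "code"),
            new Request("alice", app.consumerKey(), Set.of("openid"), "token"),
            new Request("admin", app.consumerKey(), Set.of("openid"), "code"));
        for (Request r : requests)
            System.out.println(r.user() + "/" + r.responseType() + " -> " + authorize(r, app, handlers, registered));
    }
}
```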
