Hi all,

I'm working on the improvement of client authentication for the OAuth2 Introspection endpoint [1]. Currently, it supports authentication via basic authentication and bearer token authentication.

In this improvement, we're going to introduce authentication via client ID and secret. But the problem with this approach is that both basic authentication and the $subject have the same authorization header. For this reason, incoming requests have to go through both the basic authentication handler and the $subject authentication handler, which results in additional overhead. The current implementation is as follows [2]. Please provide your insight on the $subject.

[1] https://github.com/wso2/product-is/issues/4314
[2] https://github.com/wso2-extensions/identity-carbon-auth-rest/pull/67

Best Regards
Isuranga Perera
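The overlap described in the message, as an added example that is not part of the original post or of the WSO2 code: two handlers both accept any `Authorization: Basic` header, so a request carrying client ID and secret is checked against the user store before the client store. The handler class, the store contents and all names are hypothetical.

```python
import base64
import hmac

# Constructed sample stores; every name and value here is hypothetical.
USERS = {"admin": "admin-pass"}
CLIENTS = {"client-abc": "client-secret"}

def parse_basic(header):
    """Return (identifier, secret) from a Basic Authorization header, or None."""
    scheme, _, value = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(value.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    ident, sep, secret = decoded.partition(":")
    return (ident, secret) if sep else None

class StoreHandler:
    """One handler per credential store; both claim the same header scheme."""
    def __init__(self, name, store):
        self.name, self.store = name, store

    def can_handle(self, header):
        # The header alone cannot tell a user from an OAuth2 client.
        return parse_basic(header) is not None

    def authenticate(self, header):
        ident, secret = parse_basic(header)
        expected = self.store.get(ident)
        # Constant-time comparison; an unknown identifier fails as well.
        return expected is not None and hmac.compare_digest(
            expected.encode(), secret.encode())

HANDLERS = [StoreHandler("basic-user", USERS),
            StoreHandler("client-credentials", CLIENTS)]

def authenticate(header):
    """Run the chain; return (winning handler name or None, handlers tried)."""
    tried = []
    for handler in HANDLERS:
        if handler.can_handle(header):
            tried.append(handler.name)
            if handler.authenticate(header):
                return handler.name, tried
    return None, tried

def basic_header(ident, secret):
    return "Basic " + base64.b64encode(f"{ident}:{secret}".encode()).decode()
```

The second element of the result lists the handlers that ran, which is the per-request overhead the message refers to: a valid client credential costs two store lookups, and a wrong secret always costs both.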
