On Tue, Sep 17, 2019 at 3:36 PM Piraveena Paralogarajah <[email protected]> wrote:
> Hi Devs,
>
> According to this doc [1], we can implement a new client authenticator by
> implementing this
> org.wso2.carbon.identity.oauth2.token.handlers.clientauth.ClientAuthenticationHandler
> interface. But this particular interface is in wso2-attic [2] now and is
> no longer used in the OAuth component [3]. BasicAuthClientAuthenticator and
> PrivateKeyJWTClientAuthenticator implement AbstractIdentityHandler [4].
>
> I have some concerns regarding this.
>
> 1. Are we still using
>    org.wso2.carbon.identity.oauth2.token.handlers.clientauth.ClientAuthenticationHandler
>    to register a Client Authenticator? If we are not using it, then we can remove
>    it from the IS 5.8.0 doc [1] and add the configuration for
>    using AbstractIdentityHandler in the doc space.

IIRC this was the approach which we used initially when patching 5.3.0 (I am not quite sure about this version). We should not recommend writing OAuth client authenticators using this extension point for later versions, since a more flexible and comprehensive mechanism is provided using AbstractIdentityHandler. Hence +1 for removing this from the docs for new versions of IS.

> 1. For BasicAuthClientAuthenticator and other client authenticators,
>    we are using AbstractIdentityHandler, which is an event listener in the
>    identity.xml file. Is there any specific reason for registering it as an event
>    listener?

I think the problem/confusion is with the literal meaning of the configuration element (*EventListener*). Ideally it should have been IdentityHandler or some name which gives the broad idea of a handler. If you go through the existing so-called EventListeners, most of them have nothing to do with listening to an event. These handlers have nothing specific to the eventing architecture which we have in IS. The reason for continuing to use this handler is the flexibility it provides. We can turn it on and off while passing required additional configurations inside the handler itself. Also, it provides basic infrastructure for controlling the order of execution. These are the basics of a handler that we would need to reuse.

> Appreciate your input on this.
>
> [1] https://docs.wso2.com/display/IS580/Extension+Points+for+OAuth#ExtensionPointsforOAuth-ClientAuthenticationHandler
> [2] https://github.com/wso2-attic/carbon-identity/blob/master/components/oauth/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/clientauth/ClientAuthenticationHandler.java
> [3] https://github.com/wso2-extensions/identity-inbound-auth-oauth/tree/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/client/authentication
> [4] https://docs.wso2.com/display/IS580/Private+Key+JWT+Client+Authentication+for+OIDC
>
> Thanks,
> Piraveena
> *Piraveena Paralogarajah*
> Software Engineer | WSO2 Inc.
> *(m)* +94776099594 | *(e)* [email protected]

--
Hasintha Indrajee
WSO2, Inc.
Mobile:+94 771892453
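The three handler properties described in the reply above (an on/off switch, per-handler configuration, and execution order) can be audited straight from identity.xml. The following is an added example, not code from the thread or from WSO2: the `type`, `name`, `orderId` and `enable` attributes, the nested `Property` elements, and the rule that lower `orderId` values run first are assumptions about the file layout, and the sample XML and its `com.example` class names are constructed.

```python
import xml.etree.ElementTree as ET

# Assumed fully qualified name of the handler type used in identity.xml.
HANDLER_TYPE = "org.wso2.carbon.identity.core.handler.AbstractIdentityHandler"

# Constructed sample; every com.example class name is hypothetical.
SAMPLE_IDENTITY_XML = """\
<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
  <EventListeners>
    <EventListener type="org.wso2.carbon.identity.core.handler.AbstractIdentityHandler"
                   name="com.example.auth.MutualTlsClientAuthenticator"
                   orderId="250" enable="false"/>
    <EventListener type="org.wso2.carbon.identity.core.handler.AbstractIdentityHandler"
                   name="com.example.auth.SignedAssertionClientAuthenticator"
                   orderId="200" enable="true">
      <Property name="RejectReusedAssertion">true</Property>
    </EventListener>
    <EventListener type="org.wso2.carbon.identity.core.handler.AbstractIdentityHandler"
                   name="com.example.auth.BasicClientAuthenticator"
                   orderId="100" enable="true"/>
    <EventListener type="com.example.SomeOtherListenerType"
                   name="com.example.audit.AuditListener"
                   orderId="10" enable="true"/>
  </EventListeners>
</Server>
"""

def local(tag):
    """Strip the XML namespace prefix from an element tag."""
    return tag.rsplit("}", 1)[-1]

def active_handlers(xml_text, handler_type=HANDLER_TYPE):
    """Return (orderId, class name, properties) for enabled handlers, in order."""
    found = []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "EventListener" or el.get("type") != handler_type:
            continue  # not a handler registered under the identity-handler type
        if el.get("enable", "false").strip().lower() != "true":
            continue  # switched off: fail closed when the attribute is missing
        props = {p.get("name"): (p.text or "").strip()
                 for p in el if local(p.tag) == "Property"}
        found.append((int(el.get("orderId", "0")), el.get("name"), props))
    return sorted(found, key=lambda h: h[0])  # assumed: lower orderId runs first

if __name__ == "__main__":
    for order, name, props in active_handlers(SAMPLE_IDENTITY_XML):
        print(order, name, props)
```

Comparing this output against the list of client authentication methods you intend to allow shows whether an authenticator was left enabled by accident or is running without its expected properties.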
