Re: [Architecture] Supporting Email or Mobile as the Preferred Communication Channel for Users

2019-11-26 Thread Darshana Gunawardana
Hi Sominda,

This is a nice feature addition to the product. Thanks for getting it done.

Have a couple of questions,

   - Could you also mention details on the availability of this capability
   in the master. (From which milestone onwards it has this functionality and
   related doc links)
   - Do we have a guide that showcases the capability using the Identity
   Server with an end to end use case? If not shall we have one?
   - And can you point me to the git issue that has the details of the
   overall roadmap of this space?


Thanks,

On Wed, Nov 27, 2019 at 7:41 AM Sominda Gamage  wrote:

> Hi all,
>
>
> WUM update for User Self-Registration via Email and SMS is released for
> WSO2 IS 5.7.0 and WSO2 IS 5.7.0 KM. The update number is 5734. The
> configuration details are provided in doc [1] and [2].
>
>
> Document [1] contains a detailed description of the functionality of the
> API with sample API requests and responses. Also, Doc [1] contains more
> information on notification channel selecting criteria. Document [2]
> contains the configurations that are needed to configure self-registration
> to support multiple channels.
>
>
> Improvements by the feature.
>
> - The feature is provided only via the user self-registration APIs
> - A new service has been introduced to determine the preferred channel
>   of the user.
> - A new identity claim is introduced to track the preferred
>   notification channel of the user.
> - The responses of User-Self registration API has been introduced.
>    - By default this configuration is disabled.
> - The functionality of the Account Confirmation API has been improved.
>    - For more information refer to the extended account confirmation
>      api.
>
>
>
> [1] -
> https://docs.wso2.com/display/IS570/Extending+User+Self+Registration+and+Account+Confirmation
>
> [2] -
> https://docs.wso2.com/display/IS570/Configuring+a+User+Preferred+Notification+Channel
>
>
> Thanks & Regards,
>
> Sominda.
>
> On Wed, Nov 27, 2019 at 7:40 AM Sominda Gamage  wrote:
>
>> Hi all,
>>
>> I have implemented APIs to support self registration via mobile (SMS) or
>> EMAIL as account confirmation channels. According to the implementation,
>> I have defined two notification channels and each channel has several
>> claims bound to it.
>>
>> - Channel Name (EMAIL or SMS)
>> - Channel Value Claim - Claim to store the value of the claims (Eg:
>>   http://wso2.org/claims/mobile)
>> - Channel Verified Claim - A claim to store the verified status of
>>   the channel (Eg: http://wso2.org/claims/phoneVerified)
>>
>> Following are the claims associated with each channel
>>
>> - *Email*
>>    - Channel Name: EMAIL
>>    - Value Claim: http://wso2.org/claims/emailaddress
>>    - Verified Claim: http://wso2.org/claims/emailVerified
>> - *Mobile*
>>    - Channel Name: SMS
>>    - Value Claim: http://wso2.org/claims/mobile
>>    - Verified Claim: http://wso2.org/claims/phoneVerified
>>
>> The following properties were added to identity.xml.
>>
>>
>> 1. Configurations in *identity.xml* within the ** tags to
>> resolve the notification channels.
>>
>>
>> **
>>
>> *EMAIL*
>> **
>>
>> *true *
>>
>>
>> *   *
>>
>> **
>>
>>
>> 2. Configurations in *identity.xml* within the ** tags.
>>
>>
>>
>>
>> *true*
>>
>>
>> *True*
>>
>>
>> **
>>
>>
>> For more details on the configurations refer to Configuring a User
>> Preferred Notification Channel.
>>
>>
>> Thanks and regards,
>> Sominda.
>>
>> On Tue, Aug 13, 2019 at 9:55 AM Sominda Gamage  wrote:
>>
>>> Hi all,
>>>
>>> Please find the solution proposal of implementing a preferred channel
>>> for user self registration flow.
>>>
>>> User self registration
>>> *User Narrative*
>>>
>>> 1. When a user self registers, the user
>>>    1. Has to provide either a mobile number or an email address or both.
>>>    2. Can provide a preferred communication channel as Email or SMS.
>>> 2. Then the user will get recovery notifications based on the provided
>>>    communication channels.
>>>
>>> - If the channel is email: navigate to the email and click the
>>>   verification link to verify the user account.
>>> - If the channel is SMS: provide the received OTP during the self
>>>   registration phase and confirm the user account.
>>>
>>> *Solution*
>>>
>>> - In a self registration request following claims are required for the
>>>   server to initiate an account verification request.
>>>   - Either mobile number or email address claims or both claims (At
>>>     least one claim should be in the request

Re: [Architecture] Supporting Email or Mobile as the Preferred Communication Channel for Users

2019-11-26 Thread Darshana Gunawardana
Thanks for the clarification Sominda. Please update once all (code\docs)
PRs are merged.

Regards,

On Wed, Nov 27, 2019 at 10:33 AM Sominda Gamage  wrote:

> Hello Darshana,
>
> I have done the required changes in the master. The feature will be
> available from WSO2 IS 5.10.0 onwards. Still, the PRs are in the review
> stage. Please find the main PR [1]. I have linked other related PRs in the
> description of PR [1]. Once the feature is released in the latest WSO2 IS,
> I will update the mail thread.
> I have written a document to try out this feature and already sent a PR
> [2] to WSO2 docs-is. But this documentation will only be available for WSO2 IS
> 5.10.0.
> I have created separate issues to track the feature.
>
> - Issue [3] is to track supporting multiple verification channels for
>   user self-registration and account confirmation.
> - Issue [4] is to track supporting email or mobile as the preferred
>   communication channel.
>
>
> [1] - https://github.com/wso2-extensions/identity-governance/pull/324
> [2] - https://github.com/wso2/docs-is/pull/881
> [3] - https://github.com/wso2/product-is/issues/6339
> [4] - https://github.com/wso2/product-is/issues/6116
>
> Thanks and Regards,
> Sominda.
>
> On Wed, Nov 27, 2019 at 8:21 AM Darshana Gunawardana 
> wrote:
>
>> Hi Sominda,
>>
>> This is a nice feature addition to the product. Thanks for getting it
>> done.
>>
>> Have a couple of questions,
>>
>> - Could you also mention details on the availability of this
>>   capability in the master. (From which milestone onwards it has this
>>   functionality and related doc links)
>> - Do we have a guide that showcases the capability using the Identity
>>   Server with an end to end use case? If not shall we have one?
>> - And can you point me to the git issue that has the details of the
>>   overall roadmap of this space?
>>
>>
>> Thanks,
>>
>> On Wed, Nov 27, 2019 at 7:41 AM Sominda Gamage  wrote:
>>
>>> Hi all,
>>>
>>>
>>> WUM update for User Self-Registration via Email and SMS is released for
>>> WSO2 IS 5.7.0 and WSO2 IS 5.7.0 KM. The update number is 5734. The
>>> configuration details are provided in doc [1] and [2].
>>>
>>>
>>> Document [1] contains a detailed description of the functionality of the
>>> API with sample API requests and responses. Also, Doc [1] contains more
>>> information on notification channel selecting criteria. Document [2]
>>> contains the configurations that are needed to configure self-registration
>>> to support multiple channels.
>>>
>>>
>>> Improvements by the feature.
>>>
>>> - The feature is provided only via the user self-registration APIs
>>> - A new service has been introduced to determine the preferred
>>>   channel of the user.
>>> - A new identity claim is introduced to track the preferred
>>>   notification channel of the user.
>>> - The responses of User-Self registration API has been introduced.
>>>    - By default this configuration is disabled.
>>> - The functionality of the Account Confirmation API has been
>>>   improved.
>>>    - For more information refer to the extended account confirmation
>>>      api.
>>>
>>>
>>>
>>> [1] -
>>> https://docs.wso2.com/display/IS570/Extending+User+Self+Registration+and+Account+Confirmation
>>>
>>> [2] -
>>> https://docs.wso2.com/display/IS570/Configuring+a+User+Preferred+Notification+Channel
>>>
>>>
>>> Thanks & Regards,
>>>
>>> Sominda.
>>>
>>> On Wed, Nov 27, 2019 at 7:40 AM Sominda Gamage  wrote:
>>>
>>>> Hi all,
>>>>
>>>> I have implemented APIs to support self registration via mobile (SMS)
>>>> or EMAIL as account confirmation channels. According to the
>>>> implementation, I have defined two notification channels and each channel
>>>> has several claims bound to it.
>>>>
>>>> - Channel Name (EMAIL or SMS)
>>>> - Channel Value Claim - Claim to store the value of the claims (Eg:
>>>>   http://wso2.org/claims/mobile)
>>>> - Channel Verified Claim - A claim to store the verified status of
>>>>   the channel (Eg: http://wso2.org/claims/phoneVerified)
>>>>
>>>> Following are the claims associated with each channel
>>>>
>>>> - *Email*
>>>>    - Channel Name: EMAIL
>>>>    - Value Claim: http://wso2.org/claims/emailaddress
>>>>    - Verified Claim: http://wso2.org/claims/emailVerified
>>>> - *Mobile*
>>>>    - Channel Name: SMS
>>>>    - Value Claim: http://wso2.org/claims/mobile
>>>>    - Verified Claim: http://wso2.org/claims/phoneVerified
>>>>
>>>> The following properties were added to identity.xml.
>>>>
>>>>
>>>> 1. Configurations in *identity.xml* within the ** tags to
>>>> resolve the notification channels.
>>>>
>>>>
>>>> **
>>>>
>>>> *EMAIL*
>>>> **
>>>>
>>>> *true *
>>>>
>>>>
>>>> *   *
>>>>
>>>> **
>>>>
>>>>
>>>> 2. Configuration

Re: [Architecture] Making self-contained access tokens the default in APIM 3.0

2019-11-26 Thread Chamila Adhikarinayake
Hi Sharma,
You could now get the latest API Manager (v3.0.0) from here[1] which has
this feature.
[1] https://wso2.com/api-management/

Regards,
Chamila.

On Mon, Sep 23, 2019 at 2:28 PM Ashish Sharma 
wrote:

> Hi Nuwan
>
> Could you please advise when is the first release (PROD ready) of the API
> Manager with support for  JWTs foreseen?
>
> Kind regards,
>
> Ashish Sharma
>
>
> --
> *From:* Architecture  on behalf of Nuwan
> Dias 
> *Sent:* Tuesday, August 20, 2019 10:52 AM
> *To:* architecture 
> *Subject:* [Architecture] Making self-contained access tokens the default
> in APIM 3.0
>
> Hi,
>
> With the introduction of the Microgateway, self-contained access tokens
> were supported in the API Manager since version 2.5. Self-contained access
> tokens however were only supported in the Microgateway so far. The regular
> gateway was unable to process and validate a self-contained access token.
> With API Manager 3.0 we are bringing this support to the regular gateway as
> well. With this we hope to make self-contained tokens the default token
> type of applications. Opaque tokens will still be supported as before.
> There are several benefits of using self-contained access tokens. These are,
>
> 1) The gateway no longer connects to the Key Manager when processing API
> requests. This makes the deployment simpler and reduces configuration
> points a bit.
> 2) We no longer have to scale the Key Manager when we need the Gateway to
> be scaled. This brings a significant reduction to the cost of using the
> product in larger deployments.
> 3) The gateway becomes regionally resilient. A token issued from one
> region can be validated by a gateway in another region even if the data is
> not synced.
> 4) Back-end JWTs will be included as part of the access token itself
> (self-contained). This eliminates the need of creating back-end JWTs while
> the API request is being processed. Which in turn makes API calls much
> faster.
>
> One pending item that's left to handle is the revocation of
> self-contained access tokens. Since the gateway does not connect to the Key
> Manager for validating self-contained tokens, the gateway will not know
> when a particular token has been revoked. Using shorter expiry times for
> access token addresses this solution to a certain extent. We hope to
> implement the same solution we implemented for the Microgateway to address
> this. The Key Manager will be notifying the gateway cluster through a
> broker when a token has been revoked. And the gateway will no longer be
> treating the particular token as valid upon receiving the notification.
>
> Appreciate your thoughts and suggestions on this.
>
> Thanks,
> NuwanD.
> --
> *Nuwan Dias* | Director | WSO2 Inc.
> (m) +94 777 775 729 | (e) nuw...@wso2.com
> ___
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>


-- 
Regards,
Chamila Adhikarinayake
Associate Technical Lead
WSO2, Inc.
Mobile - +94712346437
Email  - chami...@wso2.com
Blog  -  http://helpfromadhi.blogspot.com/
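
The validation and revocation flow Nuwan describes in the quoted message, as an added example (not code from WSO2 or from this thread): a gateway checks a self-contained token offline and consults a revocation list fed by notifications. The HS256 shared key, the `jti`/`exp` notification payload and all names here are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # assumption: HS256 shared key, chosen to stay stdlib-only

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(head: str, body: str) -> bytes:
    return hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()

def issue(claims: dict) -> str:
    """Key Manager side: issue a signed self-contained token."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{b64e(sign(head, body))}"

class Gateway:
    """Validates tokens offline; hears about revocations only through notifications."""
    def __init__(self):
        self.revoked = {}  # jti -> exp; an entry is useless once its token has expired

    def on_revocation(self, jti: str, exp: int, now: int) -> None:
        # Hypothetical broker message carrying the token id and its expiry.
        self.revoked[jti] = exp
        self.revoked = {j: e for j, e in self.revoked.items() if e > now}

    def validate(self, token: str, now: int) -> str:
        try:
            head, body, sig = token.split(".")
            if json.loads(b64d(head)).get("alg") != "HS256":
                return "bad_signature"  # pin the algorithm; never trust the header's choice
            if not hmac.compare_digest(sign(head, body), b64d(sig)):
                return "bad_signature"
            claims = json.loads(b64d(body))
            if claims["exp"] <= now:
                return "expired"
            return "revoked" if claims["jti"] in self.revoked else "ok"
        except (ValueError, TypeError, AttributeError, KeyError):
            return "malformed"

def demo() -> list:
    gw = Gateway()
    tok = issue({"sub": "alice", "jti": "t-1", "exp": 1000})  # constructed claims
    before = gw.validate(tok, now=100)   # revoked upstream, notification still in flight
    gw.on_revocation("t-1", exp=1000, now=110)
    after = gw.validate(tok, now=120)    # notification received
    return [before, after, gw.validate(tok, now=1001)]
```

The first result in `demo()` is the window the message refers to: until the notification reaches the gateway, only the token's expiry time bounds how long a revoked token is accepted.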