Re: [Architecture] Auth0 OpenID Connector for IS

2019-01-17 Thread Nirubikaa Ravikumar
Hi Nilasini,

 Thank you for the info. I was able to get the user profile details once I
pass the scope as openId profile with the generic OIDC Federation
connector. So I will check the other multifactor authentication flows and
update the threats.

Thanks,

On Wed, Jan 16, 2019 at 1:14 AM Nilasini Thirunavukkarasu 
wrote:

> Hi Nirubikaa,
>
> Scope *openid* is not hardcoded in [1], hence you could pass the scope as
> *openid profile* through your identity provider configuration as below.
>
> [image: scope_configuration.png]
>
> [1]
> https://github.com/wso2-extensions/identity-outbound-auth-oidc/blob/9ede5dd6b616a1d70e0609dfd45263771d750d32/components/org.wso2.carbon.identity.application.authenticator.oidc/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/OpenIDConnectAuthenticator.java#L280
>
> Thanks,
> Nila.
>
> On Tue, Jan 15, 2019 at 1:14 PM Nirubikaa Ravikumar 
> wrote:
>
>> Hi Farasath,
>> I tried with our generic OIDC Federation connector. And through that I
>> log in with trevelocity.com. It allows to authenticate but after login
>> shows "you are logged in as auth0|5c0df06fe978c52e154f1d35", but I could
>> not get information which is related to the authenticated user (user
>> attributes). Hence I have debugged the code [1] & [2] and found that the
>> scope was set to openid as a default one. But for Auth0 we need to
>> provide scope as the openid profile to get the user information. Hence do
>> we need to improve the generic OIDC federation connector or do we need to
>> have a separate authenticator for that? Highly appreciate your input on
>> this.
>> [1]
>> [image: debug.png]
>>
>> [2]
>> https://github.com/wso2-extensions/identity-outbound-auth-oidc/blob/9ede5dd6b616a1d70e0609dfd45263771d750d32/components/org.wso2.carbon.identity.application.authenticator.oidc/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/OpenIDConnectAuthenticator.java#L263
>>
>> Thanks,
>>
>>
>> On Mon, Jan 7, 2019 at 3:47 PM Farasath Ahamed 
>> wrote:
>>
>>> Hi Nirubikaa,
>>>
>>> Before we start implementing this connector can we try our generic OIDC
>>> Federation connector[1] to talk to Auth0 and see if it works?
>>> Ideally, if Auth0 is having a standard OIDC Endpoint then this should
>>> work without any issues.
>>>
>>> [1]
>>> https://docs.wso2.com/display/IS570/Configuring+OAuth2-OpenID+Connect
>>>
>>> On Mon, Jan 7, 2019 at 2:53 PM Nirubikaa Ravikumar 
>>> wrote:
>>>
>>>> please find the image,
>>>>
>>>> On Mon, Jan 7, 2019 at 1:23 PM Nirubikaa Ravikumar
>>>> wrote:
>>>>
>>>>> Hi all,
>>>>> I am planning to work on "Auth0 OpenID Connector". Please find the
>>>>> flow diagram below:
>>>>>
>>>>> In the flow of OpenID Connect,
>>>>>
>>>>> User sends a request to service provider, then the request is
>>>>> redirected to the WSO2 IS. Then the WSO2 IS requests to get authorization
>>>>> code with client credentials, and Openid scope. Then the Auth0
>>>>> redirects to the request with Authorization code.
>>>>>
>>>>> Then WSO2 IS requests Access token, to which Auth0 responds with the
>>>>> Access token. An ID token is issued from the token endpoint in addition to
>>>>> an Access token.
>>>>>
>>>>> WSO2 IS requests to get user info, and Auth0 can retrieve user
>>>>> information from the ID token or Access token.
>>>>>
>>>>> Thanks.
>>>>> --
>>>>> R.Nirubikaa
>>>>> Intern | WSO2
>>>>> M: O779108852
>>>>>
>>>>
>>>> --
>>>> R.Nirubikaa
>>>> Intern | WSO2
>>>> M: O779108852
>>>>
>>>
>>>
>>> --
>>> Farasath Ahamed
>>> Senior Software Engineer, WSO2 Inc.; http://wso2.com
>>> Mobile: +94777603866
>>> Blog: blog.farazath.com
>>> Twitter: @farazath619 
>>> 
>>>
>>>
>>>
>>>
>>
>> --
>> R.Nirubikaa
>> Software Engineering Intern | WSO2
>> M: O779108852
>>
>>
>> ___
>> Architecture mailing list
>> Architecture@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>
>
> --
> Nilasini Thirunavukkarasu
> Software Engineer - WSO2
>
> Email : nilas...@wso2.com
> Mobile : +94775241823
> Web : http://wso2.com/
>
>
> 
>


-- 
R.Nirubikaa
Software Engineering Intern | WSO2
M: O779108852
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture


Re: [Architecture] Auth0 OpenID Connector for IS

2019-01-14 Thread Nirubikaa Ravikumar
Hi all,
Please find the sample request and response.

*Authorization Code Grant Type*

request
https://testapp1996.auth0.com/authorize?audience=https://testapp1996.auth0.com/api/v2/&scope=openid&response_type=code&client_id=kyq73nra4j5KSm6xg8hoqPltt12Q3UvQ&redirect_uri=https://www.google.lk&state=123

response
https://www.google.lk/?code=z2oK4XkLUAiACfeG&state=123

Authorization code : z2oK4XkLUAiACfeG


*get-Access token*

endpoint
https://testapp1996.auth0.com/oauth/token

payload
{
  "grant_type": "authorization_code",
  "client_id": "kyq73nra4j5KSm6xg8hoqPltt12Q3UvQ",
  "client_secret": "PkyrWSBrqQB7TXJdpcTZ8RhqqL9EAZbG57a9Lzv9cOQuMv90cJwgOyAvtgHkhp1p",
  "code": "z2oK4XkLUAiACfeG",
  "redirect_uri": "https://www.google.lk"
}

response
{
"access_token":
"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik5UZzROVFpEUlVSQlJUSTNNVEkxT1RSQ01FVTRNRFl4UkVVMlFqQXhRakkyUWtNMFJrRTRPQSJ9.eyJpc3MiOiJodHRwczovL3Rlc3RhcHAxOTk2LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHw1YzBkZjA2ZmU5NzhjNTJlMTU0ZjFkMzUiLCJhdWQiOlsiaHR0cHM6Ly90ZXN0YXBwMTk5Ni5hdXRoMC5jb20vYXBpL3YyLyIsImh0dHBzOi8vdGVzdGFwcDE5OTYuYXV0aDAuY29tL3VzZXJpbmZvIl0sImlhdCI6MTU0NjgzNTk5NiwiZXhwIjoxNTQ2OTIyMzk2LCJhenAiOiJreXE3M25yYTRqNUtTbTZ4Zzhob3FQbHR0MTJRM1V2USIsInNjb3BlIjoib3BlbmlkIn0.tS_4FK-tscfvtLNR9i2CsgoNy6I8LWUbUgzSOHeb9X6NkNbN7fzuY2gOVcwz3P0sFdHB6yfe4epTUzNivWJCcuGq_vAaLCVcSz_2cTkMJOTo_3Te149iqclY82SVAcih3ydIH7pPGJnXkgXG7-PvrIIhOWSe_w-tUA92j6hr0-pjASbEpY_es8keT6xnsY979dKiW3kujmlwawjXdwj39WTBXXx05ZXdlrG8vtANqGj9fazkbhHGDhWVpGzStPX7fnouf_fzHUUhw8yixCvhit2L7xQXbY61TpS3-CfDyOjfFk77PYE5W5gd3AwIbqWBPoKajYcTp0lpPz73BV-8rQ",
"id_token":
"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik5UZzROVFpEUlVSQlJUSTNNVEkxT1RSQ01FVTRNRFl4UkVVMlFqQXhRakkyUWtNMFJrRTRPQSJ9.eyJpc3MiOiJodHRwczovL3Rlc3RhcHAxOTk2LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHw1YzBkZjA2ZmU5NzhjNTJlMTU0ZjFkMzUiLCJhdWQiOiJreXE3M25yYTRqNUtTbTZ4Zzhob3FQbHR0MTJRM1V2USIsImlhdCI6MTU0NjgzNTk5NiwiZXhwIjoxNTQ2ODcxOTk2LCJhY3IiOiJodHRwOi8vc2NoZW1hcy5vcGVuaWQubmV0L3BhcGUvcG9saWNpZXMvMjAwNy8wNi9tdWx0aS1mYWN0b3IiLCJhbXIiOlsibWZhIl19.gZnVMIBABNU_lYeKwEG6eGK51N21LOa6r3yyNmCp27jvMds3O9nDb1A3rvtW0LgeCb5k68xi94Lvi_Ui2wmXqyv2_-QixluK8QWWv1l-xAd5bYwRQbQV1bAIZZOxceS2e2Q10gIdPKQTLHkEGhkh7NYyzbSvnSwyTUTXhBn6-r-Wdx6fqZBbXKVo4a5SJTQnu9O_FQ7Wjy4naO2xHPi1L4xWFNwPQhv2p1nlUdpYusg4sy_w3j9V9mhw5qHo_q1GQ-hVoPpgJZ6kXYOCIVrqJ8yxM30PduN2tTOK9VD64P6UiAYlqBA5GLIdtD-7kS92mgiIuBRFIxp-3pwL7REMLA",
"expires_in": 86400,
"token_type": "Bearer"
}

Thanks

On Mon, Jan 7, 2019 at 3:16 PM Naduni Pamudika  wrote:

> Hi Nirubikaa,
>
> On Mon, Jan 7, 2019 at 1:23 PM Nirubikaa Ravikumar 
> wrote:
>
>> Hi all,
>> I am planning to work on "Auth0 OpenID Connector". Please find the flow
>> diagram below:
>>
>> In the flow of OpenID Connect,
>>
>> User sends a request to service provider, then the request is redirected
>> to the WSO2 IS. Then the WSO2 IS requests to get authorization code with
>> client credentials, and Openid scope. Then the Auth0 redirects to the
>> request with Authorization code.
>>
> For the Authorization code request, as I read we need to send only the
> client Id (not both the client id and the secret).
>
> Could you please provide sample requests and responses for the flow you
> explained here? It would help others understand OIDC using Auth0 easily.
>
> Thanks,
> Naduni
>
>> Then WSO2 IS requests Access token, to which Auth0 responds with the
>> Access token. An ID token is issued from the token endpoint in addition to
>> an Access token.
>>
>> WSO2 IS requests to get user info, and Auth0 can retrieve user
>> information from the ID token or Access token.
>>
>> Thanks.
>> --
>> R.Nirubikaa
>> Intern | WSO2
>> M: O779108852
>>
>>
>>
>
>
> --
> *Naduni Pamudika*
> Software Engineer | WSO2
>
> Mobile: +94 719 143658
> LinkedIn: https://lk.linkedin.com/in/naduni-pamudika
> Blog: https://medium.com/@naduni_pamudika
>


-- 
R.Nirubikaa
Intern | WSO2
M: O779108852
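
Added example (not part of the original message, and not WSO2 or Auth0 code): a relying-party check for the situation in this thread, where login succeeds with scope openid but no profile attributes arrive. It builds the authorization request with client_id only, checks state on the callback, and reports which required scopes the token response did not grant. The host names, client id and the unsigned sample token are constructed placeholders.

```python
import base64
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse


def build_authorize_url(endpoint, client_id, redirect_uri, scopes, state=None):
    """Authorization request: carries client_id only, never the client secret."""
    state = state or secrets.token_urlsafe(16)
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri,
                       "scope": " ".join(scopes), "state": state})
    return f"{endpoint}?{query}", state


def code_from_callback(callback_url, expected_state):
    """Return the authorization code; reject a callback with a foreign state."""
    params = parse_qs(urlparse(callback_url).query)
    if params.get("state", [""])[0] != expected_state:
        raise ValueError("state mismatch: callback does not belong to this login")
    if "code" not in params:
        raise ValueError("no authorization code: " + params.get("error", ["?"])[0])
    return params["code"][0]


def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


def missing_scopes(token_response, required=("openid", "profile")):
    """Scopes needed for profile claims that the provider did not grant."""
    granted = token_response.get("scope")
    if granted is None:  # fall back to the scope claim of a JWT access token
        granted = jwt_claims(token_response["access_token"]).get("scope", "")
    return sorted(set(required) - set(granted.split()))


def unsigned_jwt(claims):
    """Constructed sample token with a placeholder signature, for the demo only."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'typ': 'JWT'})}.{enc(claims)}.sig"


# Constructed sample: a token response granted only the openid scope.
SAMPLE_RESPONSE = {"access_token": unsigned_jwt({"sub": "user-1", "scope": "openid"}),
                   "token_type": "Bearer"}

if __name__ == "__main__":
    url, state = build_authorize_url("https://idp.example/authorize", "client-123",
                                     "https://sp.example/callback", ["openid", "profile"])
    print(url)
    print(code_from_callback(f"https://sp.example/callback?code=abc&state={state}", state))
    print("missing scopes:", missing_scopes(SAMPLE_RESPONSE))
```

jwt_claims is for diagnosis only; tokens used for authentication decisions must have their signature, issuer and audience validated first.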


Re: [Architecture] Auth0 OpenID Connector for IS

2019-01-14 Thread Farasath Ahamed
Hi Nirubikaa,

Before we start implementing this connector can we try our generic OIDC
Federation connector[1] to talk to Auth0 and see if it works?
Ideally, if Auth0 is having a standard OIDC Endpoint then this should work
without any issues.

[1] https://docs.wso2.com/display/IS570/Configuring+OAuth2-OpenID+Connect

On Mon, Jan 7, 2019 at 2:53 PM Nirubikaa Ravikumar 
wrote:

> please find the image,
>
> On Mon, Jan 7, 2019 at 1:23 PM Nirubikaa Ravikumar 
> wrote:
>
>> Hi all,
>> I am planning to work on "Auth0 OpenID Connector". Please find the flow
>> diagram below:
>>
>> In the flow of OpenID Connect,
>>
>> User sends a request to service provider, then the request is redirected
>> to the WSO2 IS. Then the WSO2 IS requests to get authorization code with
>> client credentials, and Openid scope. Then the Auth0 redirects to the
>> request with Authorization code.
>>
>> Then WSO2 IS requests Access token, to which Auth0 responds with the
>> Access token. An ID token is issued from the token endpoint in addition to
>> an Access token.
>>
>> WSO2 IS requests to get user info, and Auth0 can retrieve user
>> information from the ID token or Access token.
>>
>> Thanks.
>> --
>> R.Nirubikaa
>> Intern | WSO2
>> M: O779108852
>>
>>
>>
>
>
> --
> R.Nirubikaa
> Intern | WSO2
> M: O779108852
>
>
>


-- 
Farasath Ahamed
Senior Software Engineer, WSO2 Inc.; http://wso2.com
Mobile: +94777603866
Blog: blog.farazath.com
Twitter: @farazath619 



Re: [Architecture] Auth0 OpenID Connector for IS

2019-01-14 Thread Naduni Pamudika
Hi Nirubikaa,

On Mon, Jan 7, 2019 at 1:23 PM Nirubikaa Ravikumar 
wrote:

> Hi all,
> I am planning to work on "Auth0 OpenID Connector". Please find the flow
> diagram below:
>
> In the flow of OpenID Connect,
>
> User sends a request to service provider, then the request is redirected
> to the WSO2 IS. Then the WSO2 IS requests to get authorization code with
> client credentials, and Openid scope. Then the Auth0 redirects to the
> request with Authorization code.
>
For the Authorization code request, as I read we need to send only the
client Id (not both the client id and the secret).

Could you please provide sample requests and responses for the flow you
explained here? It would help others understand OIDC using Auth0 easily.

Thanks,
Naduni

> Then WSO2 IS requests Access token, to which Auth0 responds with the
> Access token. An ID token is issued from the token endpoint in addition to
> an Access token.
>
> WSO2 IS requests to get user info, and Auth0 can retrieve user information
> from the ID token or Access token.
>
> Thanks.
> --
> R.Nirubikaa
> Intern | WSO2
> M: O779108852
>
>
>


-- 
*Naduni Pamudika*
Software Engineer | WSO2

Mobile: +94 719 143658
LinkedIn: https://lk.linkedin.com/in/naduni-pamudika
Blog: https://medium.com/@naduni_pamudika


Re: [Architecture] Auth0 OpenID Connector for IS

2019-01-14 Thread Nirubikaa Ravikumar
please find the image,

On Mon, Jan 7, 2019 at 1:23 PM Nirubikaa Ravikumar 
wrote:

> Hi all,
> I am planning to work on "Auth0 OpenID Connector". Please find the flow
> diagram below:
>
> In the flow of OpenID Connect,
>
> User sends a request to service provider, then the request is redirected
> to the WSO2 IS. Then the WSO2 IS requests to get authorization code with
> client credentials, and Openid scope. Then the Auth0 redirects to the
> request with Authorization code.
>
> Then WSO2 IS requests Access token, to which Auth0 responds with the
> Access token. An ID token is issued from the token endpoint in addition to
> an Access token.
>
> WSO2 IS requests to get user info, and Auth0 can retrieve user information
> from the ID token or Access token.
>
> Thanks.
> --
> R.Nirubikaa
> Intern | WSO2
> M: O779108852
>
>
>


-- 
R.Nirubikaa
Intern | WSO2
M: O779108852


Re: [Architecture] Auth0 OpenID Connector for IS

2019-01-14 Thread Nuwan Dias
Hi Nirubikaa,

The image hasn't loaded it seems, could you attach it please?

I'm trying to figure out the problem we're trying to solve with this
solution. Could you briefly explain the use case (problem) as well please?

Thanks,
NuwanD.

On Mon, Jan 7, 2019 at 1:23 PM Nirubikaa Ravikumar 
wrote:

> Hi all,
> I am planning to work on "Auth0 OpenID Connector". Please find the flow
> diagram below:
>
> In the flow of OpenID Connect,
>
> User sends a request to service provider, then the request is redirected
> to the WSO2 IS. Then the WSO2 IS requests to get authorization code with
> client credentials, and Openid scope. Then the Auth0 redirects to the
> request with Authorization code.
>
> Then WSO2 IS requests Access token, to which Auth0 responds with the
> Access token. An ID token is issued from the token endpoint in addition to
> an Access token.
>
> WSO2 IS requests to get user info, and Auth0 can retrieve user information
> from the ID token or Access token.
>
> Thanks.
> --
> R.Nirubikaa
> Intern | WSO2
> M: O779108852
>
>
>


-- 
*Nuwan Dias* | Director | WSO2 Inc.
(m) +94 777 775 729 | (e) nuw...@wso2.com


Re: [Architecture] Auth0 OpenID Connector for IS

2019-01-14 Thread Nilasini Thirunavukkarasu
Hi Nirubikaa,

We weren't able to see the diagram. Could you please re-attach the image?

Thanks,
Nila.

On Mon, Jan 7, 2019 at 1:23 PM Nirubikaa Ravikumar 
wrote:

> Hi all,
> I am planning to work on "Auth0 OpenID Connector". Please find the flow
> diagram below:
>
> In the flow of OpenID Connect,
>
> User sends a request to service provider, then the request is redirected
> to the WSO2 IS. Then the WSO2 IS requests to get authorization code with
> client credentials, and Openid scope. Then the Auth0 redirects to the
> request with Authorization code.
>
> Then WSO2 IS requests Access token, to which Auth0 responds with the
> Access token. An ID token is issued from the token endpoint in addition to
> an Access token.
>
> WSO2 IS requests to get user info, and Auth0 can retrieve user information
> from the ID token or Access token.
>
> Thanks.
> --
> R.Nirubikaa
> Intern | WSO2
> M: O779108852
>
>
>


-- 
Nilasini Thirunavukkarasu
Software Engineer - WSO2

Email : nilas...@wso2.com
Mobile : +94775241823
Web : http://wso2.com/





Re: [Architecture] Auth0 OpenID Connector for IS

2019-01-14 Thread Nirubikaa Ravikumar
please find the image,


On Mon, Jan 7, 2019 at 1:23 PM Nirubikaa Ravikumar 
wrote:

> Hi all,
> I am planning to work on "Auth0 OpenID Connector". Please find the flow
> diagram below:
>
> In the flow of OpenID Connect,
>
> User sends a request to service provider, then the request is redirected
> to the WSO2 IS. Then the WSO2 IS requests to get authorization code with
> client credentials, and Openid scope. Then the Auth0 redirects to the
> request with Authorization code.
>
> Then WSO2 IS requests Access token, to which Auth0 responds with the
> Access token. An ID token is issued from the token endpoint in addition to
> an Access token.
>
> WSO2 IS requests to get user info, and Auth0 can retrieve user information
> from the ID token or Access token.
>
> Thanks.
> --
> R.Nirubikaa
> Intern | WSO2
> M: O779108852
>
>
>


-- 
R.Nirubikaa
Intern | WSO2
M: O779108852


Re: [Architecture] Auth0 OpenID Connector for IS

2019-01-14 Thread Nirubikaa Ravikumar
please find the image,

On Mon, Jan 7, 2019 at 1:23 PM Nirubikaa Ravikumar 
wrote:

> Hi all,
> I am planning to work on "Auth0 OpenID Connector". Please find the flow
> diagram below:
>
> In the flow of OpenID Connect,
>
> User sends a request to service provider, then the request is redirected
> to the WSO2 IS. Then the WSO2 IS requests to get authorization code with
> client credentials, and Openid scope. Then the Auth0 redirects to the
> request with Authorization code.
>
> Then WSO2 IS requests Access token, to which Auth0 responds with the
> Access token. An ID token is issued from the token endpoint in addition to
> an Access token.
>
> WSO2 IS requests to get user info, and Auth0 can retrieve user information
> from the ID token or Access token.
>
> Thanks.
> --
> R.Nirubikaa
> Intern | WSO2
> M: O779108852
>
>
>


-- 
R.Nirubikaa
Intern | WSO2
M: O779108852


[Architecture] Auth0 OpenID Connector for IS

2019-01-14 Thread Nirubikaa Ravikumar
Hi all,
I am planning to work on "Auth0 OpenID Connector". Please find the flow
diagram below:

In the flow of OpenID Connect,

User sends a request to service provider, then the request is redirected to
the WSO2 IS. Then the WSO2 IS requests to get authorization code with
client credentials, and Openid scope. Then the Auth0 redirects to the
request with Authorization code.

Then WSO2 IS requests Access token, to which Auth0 responds with the Access
token. An ID token is issued from the token endpoint in addition to an
Access token.

WSO2 IS requests to get user info, and Auth0 can retrieve user information
from the ID token or Access token.

Thanks.
-- 
R.Nirubikaa
Intern | WSO2
M: O779108852