Re: [Dev] Returning token state from Identity Server introspect response.

2016-12-03 Thread Ishara Cooray
Thanks Farasath and Maduranga.

Hi Nuwan/Sanjeewa,

As per the above, we won't be able to respond to an API request with the reason
for an inactive token, such as 'token expired', but we will respond with 'token
is inactive'.

Appreciate your thoughts.



Thanks & Regards,
Ishara Cooray
Senior Software Engineer
Mobile : +9477 262 9512
WSO2, Inc. | http://wso2.com/
Lean . Enterprise . Middleware

On Sat, Dec 3, 2016 at 12:08 AM, Maduranga Siriwardena 
wrote:

> Hi Ishara,
>
> According to the specification, it is not recommended to expose too much
> details about why the token is not active.
>
>     Note that to avoid disclosing too much of the authorization server's
>     state to a third party, the authorization server SHOULD NOT include
>     any additional information about an inactive token, including why
>     the token is inactive.
>
> Sending the response as expired exposes too much detail about the
> authorization server's state, as I understand. At the same time, the
> specification specifically says to send a {"active": false} response for any
> inactive token or any error response (other than unauthorized client). So
> sending such a custom attribute is not suitable either.
>
> Thanks,
>
> On Fri, Dec 2, 2016 at 10:51 PM, Farasath Ahamed 
> wrote:
>
>> Hi Ishara,
>>
>> The '*active*' parameter is mandatory according to the Introspection
>> spec[1], to indicate the status of the token.
>>
>> If we are to send something like what you have suggested we could do so
>> by using a custom attribute in response. But then again that would be
>> something specific to our implementation and would not be understood by
>> standard clients right?
>>
>>
>> [1] https://tools.ietf.org/html/rfc7662#section-2.2
>>
>>
>> Thanks,
>> Farasath Ahamed
>> Software Engineer, WSO2 Inc.; http://wso2.com
>> Mobile: +94777603866
>> Blog: blog.farazath.com
>> Twitter: @farazath619 
>> 
>>
>>
>>
>> On Fri, Dec 2, 2016 at 10:38 PM, Ishara Cooray  wrote:
>>
>>> I have used the introspect endpoint to get token info with Identity Server
>>> 5.3.0.
>>> I get a {'active':false} response even for an expired token.
>>>
>>> *Request :*
>>> curl -k -H 'Content-Type: application/x-www-form-urlencoded' -X POST
>>> --data 'token=a2c12c81-33fb-3e07-aa5e-c50639011199'
>>> https://localhost:9443/oauth2/introspect
>>> 
>>>
>>> *Response:*
>>> {'active':false}
>>>
>>> But, if we can have the { state : expired } response, we can provide a
>>> more concrete response to the end user.
>>>
>>> wdyt?
>>>
>>> Thanks & Regards,
>>> Ishara Cooray
>>> Senior Software Engineer
>>> Mobile : +9477 262 9512
>>> WSO2, Inc. | http://wso2.com/
>>> Lean . Enterprise . Middleware
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>>
>
>
> --
> Maduranga Siriwardena
> Software Engineer
> WSO2 Inc; http://wso2.com/
>
> Email: madura...@wso2.com
> Mobile: +94718990591
> Blog: http://madurangasblogs.blogspot.com/
> 
>
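As an added illustration of the point settled in the thread above (this is example code written for this page, not Identity Server's implementation), the following introspection handler follows RFC 7662 section 2.2: the caller only ever sees {"active": false} for an expired, revoked or unknown token, while the reason is recorded in a server-side audit log where operators can still see it. The token store, clock value and token names are constructed for the example.

```python
import json

# Constructed sample token store (not Identity Server data): token -> metadata.
NOW = 1_480_723_200  # fixed "current time" so the example is reproducible
TOKENS = {
    "tok-active": {"client_id": "app1", "scope": "openid", "exp": NOW + 3600, "revoked": False},
    "tok-expired": {"client_id": "app1", "scope": "openid", "exp": NOW - 60, "revoked": False},
    "tok-revoked": {"client_id": "app2", "scope": "read", "exp": NOW + 3600, "revoked": True},
}

AUDIT_LOG = []  # server-side only; never returned to the caller


def classify(token, now=NOW):
    """Return the server-side state of a token: active, expired, revoked or unknown."""
    rec = TOKENS.get(token)
    if rec is None:
        return "unknown", None
    if rec["revoked"]:
        return "revoked", rec
    if rec["exp"] <= now:
        return "expired", rec
    return "active", rec


def introspect(token, now=NOW):
    """Build the RFC 7662 introspection response body.

    Per section 2.2 the only field returned for an inactive token is
    "active": false; the reason stays in the server-side audit log.
    """
    state, rec = classify(token, now)
    AUDIT_LOG.append({"token_suffix": token[-4:], "state": state})
    if state != "active":
        return {"active": False}
    return {"active": True, "client_id": rec["client_id"],
            "scope": rec["scope"], "exp": rec["exp"]}


def response_leaks_reason(body):
    """Check a received response: an inactive-token body must carry no other keys."""
    return body.get("active") is False and set(body) != {"active"}


if __name__ == "__main__":
    for t in ("tok-active", "tok-expired", "tok-revoked", "tok-missing"):
        print(t, json.dumps(introspect(t)))
    print("audit:", AUDIT_LOG)
```

The proposed { state : expired } attribute would make response_leaks_reason() return True, which is exactly the disclosure the spec's SHOULD NOT is meant to prevent.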


Re: [Dev] 401 Error: Unauthorized - Illegal access attempt from IP address 10.100.0.187 while trying to authenticate access to service ExternalTryitService

2016-12-03 Thread Abimaran Kugathasan
Hi LacraM,

The original issue [1] was reported in 2013 and pretty old. Can you let us
know which API Manager and Identity Server version you are using?


[1] http://wso2-oxygen-tank.10903.n7.nabble.com/Dev-401-Error-Unauthorized-Illegal-access-attempt-from-IP-address-10-100-0-187-while-trying-to-authee-td84120.html#a144824

On Fri, Dec 2, 2016 at 8:46 PM, LacraM  wrote:

> Hi,
>
> I am facing the same issue with the KeyManager from API Manager. Did you
> find out what was the problem?
>
> Thanks!
>
>
>
> --
> View this message in context: http://wso2-oxygen-tank.10903.n7.nabble.com/Dev-401-Error-Unauthorized-Illegal-access-attempt-from-IP-address-10-100-0-187-while-trying-to-authee-tp84120p144824.html
> Sent from the WSO2 Development mailing list archive at Nabble.com.
>



-- 
Thanks
Abimaran Kugathasan
Senior Software Engineer - API Technologies

Email : abima...@wso2.com
Mobile : +94 773922820

