Hi all,
I hope that you explain to me if possible how to integrate this api-proxy
with WSO2 APIM.
Our APIs are secured by APIM.
We have many applications in Angular SPA.
Thanks
Youcef HILEM
--
Sent from: http://wso2-oxygen-tank.10903.n7.nabble.com/WSO2-Development-f3.html
Hi all,
Indeed as Thilina is saying it is completely distinct from APIM gateway
and it covers login/logout as well as api call.
It could be integrated into Identity Server : when you declare some SP then
it could parameter and deploy the server-side proxy
deploy site(s) and HA will have to be d
Hi Youcef,
This is not a replacement for APIM Gateway. APIM Gateway and this are two
different things.
This is an implementation of the security pattern no. 17 described in blog
1.
[1]
https://medium.facilelogin.com/thirty-solution-patterns-with-the-wso2-identity-server-16f9fd0c0389
Regards,
Thi
Hi Thilina,
Could you please explain why APIM Gateway is not suitable?
How to integrate this feature in WSO2 APIM?
In our distributed architecture, we already have enough components and
adding another seems inappropriate.
Thanks
Youcef HILEM
Hi all,
The following is the finalized approach for API-Proxy.
API-Proxy will act as a gateway which will pass the requests coming from
the SPA-client to the corresponding backend API.
Before passage access_token will be included in the request header as
follows,
"Authorization: Bearer "
If I'm t
Hi all,
Since we are clear with the concept behind the Proxy let's get back to the
discussion of APIProxy implementation.
While researching I found that Yahoo provides an API proxy service and it
adopts SQL like language. Please see [1].
In our implementation, we also can adopt the same. For an
Thanks Prabath.
It is clear now.
Regards
Roshan
On Mon, Nov 20, 2017 at 6:11 PM Prabath Siriwardena
wrote:
> Let me clarify what is solved by the encryption here..
>
> Here the proxy uses the code grant type - and it gets access token +
> refresh token. Proxy can either store that at server s
Let me clarify what is solved by the encryption here..
Here the proxy uses the code grant type - and it gets access token +
refresh token. Proxy can either store that at server side and replicate it
across all the nodes - or store them in an encrypted cookie, and make
things stateless..
Encryptio
Hi Nuwan,
On Mon, Nov 20, 2017 at 1:54 AM, Nuwan Dias wrote:
> Hi Thilina,
>
> I still don't understand how encrypting this information makes the proxy
> stateless. What state would the proxy have to bear if this information was
> in plain text? Also why would you need to store the id_token on
Hi Nuwan,
On Sun, Nov 19, 2017 at 8:48 PM, Nuwan Dias wrote:
> Hi Thilina,
>
> What do you gain by encrypting the token that is to be stored on the
> client side? Since the client does not seem to be doing any decryption
> before using the
>
FYI here it is not only just the access_token. It is
Hi Thilina,
My suggestion is, use something similar to that we have done in the APIM
SPAs, or can Ballerina do something with this? I am not sure.
Regards
Roshan
On Mon, Nov 20, 2017 at 4:31 PM, Thilina Madumal
wrote:
> Hi Roshan,
>
>
> On Mon, Nov 20, 2017 at 10:43 AM, roshan wijesena
> w
Hi Roshan,
On Mon, Nov 20, 2017 at 10:43 AM, roshan wijesena
wrote:
> Hi Thilina,
>
> How do you create this encrypted token? I agree with NuwanD, if you
> store that encrypted token in the browser, and if someone got that token
> he can
>
For now I'm using symmetric encryption. Encrypted to
+Dev list
On Mon, Nov 20, 2017 at 11:01 AM, Thilina Madumal
wrote:
> Hi Roshan,
>
>
> On Mon, Nov 20, 2017 at 10:43 AM, roshan wijesena
> wrote:
>
>> Hi Thilina,
>>
>> How do you create this encrypted token? I agree with NuwanD, if you
>> store that encrypted token in the browser, and if some
Hi Roshan,
I have looked at the APIM 3.0.0-M7 security implementation for store and
publisher SPAs and it seems that it is using password grant_type and using
"server-side" endpoints provided by apim server /login/token/publisher or
/login/token/store.
Do you agree or did I miss something ?
Than
Actually in our case the requests to third-party APIs that we get would look
like the following,
https://wso2.is:9443/oauth_proxy/api_proxy?code="appIdCode"&query="get
name:name,age:18,city:colombo from https://some.third.party.api.com";
https://wso2.is:9443/oauth_proxy/api_proxy?code="appIdCode"&
Hi all,
While researching I found that Yahoo provides an API proxy service and it
adopts SQL like language. Please see [1].
In our implementation, we also can adopt the same. For example, from the
SPA it just needs to send a query parameter like [2]
If so a request from SPA to our APIProxy will
Hi Ruwan,
On Fri, Nov 17, 2017 at 11:20 AM, Ruwan Abeykoon wrote:
> Hi Thilina,
> Can you try implementing this with Ballerina. This should be a simple case
> for Ballerina.
>
Yep, I'm looking into it.
>
> Cheers,
> Ruwan
>
> On Fri, Nov 17, 2017 at 11:16 AM, Thilina Madumal
> wrote:
>
>> H
Hi Thilina,
Can you try implementing this with Ballerina. This should be a simple case
for Ballerina.
Cheers,
Ruwan
On Fri, Nov 17, 2017 at 11:16 AM, Thilina Madumal
wrote:
> Hi Roshan,
>
>
> On Fri, Nov 17, 2017 at 11:00 AM, roshan wijesena
> wrote:
>
>> Can you please explain more about this
Hi Roshan,
On Fri, Nov 17, 2017 at 11:00 AM, roshan wijesena
wrote:
> Can you please explain more about this API-proxy ? is it only for decrypt
> the token?
>
Actually this proxy has two parts, LoginProxy and APIProxy.
LoginProxy part does the authentication and authorization of the user on
beha
Can you please explain more about this API-proxy ? is it only for decrypt
the token?
APIM 3.0.X has SPAs for its publisher and store apps, have a look at
security implementation of it. AFAIK, there is no API proxy in that
implementation.
On Thu, Nov 16, 2017 at 11:06 PM, Thilina Madumal
wrot
Hi Devs,
The idea of an API-Proxy for Single Page Applications is quite helpful in
mitigating inherent security risks of keeping the access_token in the
browser side as plain text.
Here the idea is to keep the access_token encrypted and set in a cookie.
API-Proxy will mediate all the calls for th
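
The encrypted-cookie approach discussed in this thread, sketched as an added example (not part of any message above and not the project's code): the proxy seals the access and refresh tokens with AES-256-GCM so that any node holding the key can recover them from the cookie and build the "Authorization: Bearer" header. The cookie name, key handling, expiry field and function names are assumptions made for illustration.

```javascript
// Added example: stateless token storage in an AES-256-GCM sealed cookie.
const crypto = require('node:crypto');

// Assumption: one 32-byte key shared by every proxy node (loaded from a secret store in practice).
const KEY = crypto.randomBytes(32);
const COOKIE_NAME = 'spa_session'; // hypothetical cookie name, bound in as AAD

// Seal {access_token, refresh_token} plus an expiry into an opaque base64url cookie value.
function sealTokens(tokens, key = KEY, ttlSeconds = 3600, now = Date.now()) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every cookie
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(COOKIE_NAME));
  const body = JSON.stringify({ ...tokens, exp: Math.floor(now / 1000) + ttlSeconds });
  const ct = Buffer.concat([cipher.update(body, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64url');
}

// Open a cookie value; returns the token bundle, or null if tampered, wrong key or expired.
function openTokens(value, key = KEY, now = Date.now()) {
  try {
    const raw = Buffer.from(value, 'base64url');
    if (raw.length < 12 + 16 + 1) return null; // too short to hold iv + tag + data
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    decipher.setAAD(Buffer.from(COOKIE_NAME));
    decipher.setAuthTag(raw.subarray(12, 28));
    const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    const bundle = JSON.parse(pt.toString('utf8'));
    return bundle.exp > Math.floor(now / 1000) ? bundle : null;
  } catch {
    return null; // GCM tag check failed or payload malformed
  }
}

// What the proxy does per API call: cookie in, Authorization header value out.
function authorizationHeader(cookieValue, key = KEY) {
  const bundle = openTokens(cookieValue, key);
  return bundle ? `Bearer ${bundle.access_token}` : null;
}

// Constructed sample tokens (not real credentials).
const cookie = sealTokens({ access_token: 'at-constructed-123', refresh_token: 'rt-constructed-456' });
console.log('Set-Cookie:', `${COOKIE_NAME}=${cookie}; HttpOnly; Secure; SameSite=Strict; Path=/`);
console.log('Authorization:', authorizationHeader(cookie));
```

Because GCM authenticates as well as encrypts, a cookie modified in the browser fails to open instead of yielding altered tokens.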