On Fri, Oct 4, 2013 at 11:21 AM, Prabath Siriwardena <prab...@wso2.com>wrote:
> But why do we need to make those uppercase when we store ? What was the > reason behind that... > We check for upper case in Gateway routing logic. This is the only place that comes to my mind as of now. So it might be simple as changing this in gateway. > > Thanks & regards, > -Prabath > > > On Fri, Oct 4, 2013 at 11:19 AM, Sumedha Rubasinghe <sume...@wso2.com>wrote: > >> Prabath, >> AM's scope handling is not fully complaint with OAuth spec. The (valid) >> scopes that will reach this particular block is either 'PRODUCTION' or >> 'SANDBOX'. >> >> These two values have a special meaning in determining the endpoint >> addresses in API gateway. >> >> We will fix this with proper scope handling implementation coming up. But >> changing this now might break the existing functionality. >> >> >> >> On Fri, Oct 4, 2013 at 7:25 AM, Prabath Siriwardena <prab...@wso2.com>wrote: >> >>> This is done by the handler >>> t/org.wso2.carbon.apimgt.keymgt/src/main/java/org/wso2/carbon/apimgt/keymgt/util/APIManagerOAuthCallbackHandler.java >>> >>> >>> Scope is case sensitive - and when we issue a token against a provided >>> scope by the client we cannot make it uppercase always and store it. It's >>> spec violation. >>> >>> "The "scope" attribute is defined in Section 3.3 of [RFC6749]. >>> The "scope" attribute is a space-delimited list of case-sensitive >>> scope values indicating the required scope of the access token >>> for accessing the requested resource." >>> >>> Thanks & Regards, >>> Prabath >>> >>> Mobile : +94 71 809 6732 >>> >>> http://blog.facilelogin.com >>> http://RampartFAQ.com >>> >> >> >> >> -- >> /sumedha >> b : bit.ly/sumedha >> > > > > -- > Thanks & Regards, > Prabath > > Mobile : +94 71 809 6732 > > http://blog.facilelogin.com > http://RampartFAQ.com > -- /sumedha m: +94 773017743 b : bit.ly/sumedha
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
