Hi Prabath/Johann, Thanks for reply.
On Fri, Nov 29, 2013 at 10:40 AM, Prabath Siriwardena <[email protected]>wrote: > If its the client credentials - the resource owner (end user) is the > client it self. > Yes.. then client would be the resource owner. Then authorized user would be the client. I guess, Server identify it by the login user when the client registration is done or there is an method to "setUserName" > JWT is independent from OAuth - and its implementation in API - M is > specific to WSO2. > Got it.... Thanks, Asela. > > Thanks & regards, > -Prabath > > > On Fri, Nov 29, 2013 at 10:16 AM, Asela Pathberiya <[email protected]> wrote: > >> Hi All, >> >> Our current OAuth implementation issues JWT token when validating an >> OAuth token that is granted by client credential grant type. This JWT token >> contains end user name and user's attributes. Please refer jira [1]. >> >> 1. How we are identifying the authorized user and claims in the JWT token >> when client credential grant type is used? >> >> 2. Can we find any thing related to this in the OAuth specification? If, >> Please point me. I could not still find. >> >> IMO, It seems to be that It could not be returned end user and user's >> attribute with this grant type. Please correct me, if wrong. >> >> [1] https://wso2.org/jira/browse/APIMANAGER-1329 >> >> Thanks, >> Asela. >> >> -- >> Thanks & Regards, >> Asela >> >> ATL >> Mobile : +94 777 625 933 >> > > > > -- > Thanks & Regards, > Prabath > > Mobile : +94 71 809 6732 > > http://blog.facilelogin.com > http://blog.api-security.org > -- Thanks & Regards, Asela ATL Mobile : +94 777 625 933
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
