Hi all,

In the MDM Product, there are several JAX-RS services that have to be consumed from the front end. An example of this would be the List Devices API. This API will be called from the Browser through AJAX.

We had 3 ideas initially on how to do this.

*Exposing the consumer token to the browser*

In this scenario, when the browser performs a login through SAML, we perform a token exchange using the saml2 grant type and obtain the access token and the refresh token. The access token will be sent to the browser client. The client will call the service with the access token. The caveat is that the token would be exposed to the client (since he can view it from the browser). The other would be handling the token expiry. Since we can't expose the client id & secret to the browser, we can't perform browser refreshes.

*Jaggery Service Proxy*

The front end will call an endpoint in Jaggery which calls the JAX-RS service from the backend. The SAML token will be translated for an OAuth token, but this will be kept in the session. The disadvantages are deployment complications. If the JAX-RS API and the Jaggery apps are deployed in 2 different servers, the Jaggery app hosting server needs to have visibility to the API server.

*Implicit Grant Type*

We thought of this option, but this was discarded because we can't perform this in respect to the saml2 grant type. The web app will have a SAML2 authentication, and the OAuth token exchange has to happen.

What are your thoughts on this and what's the best way to achieve this?

Cheers~
--
Dulitha Wijewantha (Chan)
Software Engineer - Mobile Development
WSO2 Inc
Lean.Enterprise.Middleware
* ~Email [email protected] <[email protected]>*
* ~Mobile +94712112165*
* ~Website dulitha.me <http://dulitha.me>*
* ~Twitter @dulitharw <https://twitter.com/dulitharw>*
*~Github @dulichan <https://github.com/dulichan>*
*~SO @chan <http://stackoverflow.com/users/813471/chan>*
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
