Implicit grant type seems to be the ideal, since it's designed specifically to be used in browser js kind of environment.
IS team, do we support this?

On Wed, Feb 18, 2015 at 9:38 AM, Dulitha Wijewantha <[email protected]> wrote:

> Hi all,
> In the MDM Product, there are several JAX-RS services that have to be consumed from the front end. An example for this would be the List Devices API. This API will be called from the browser through AJAX.
>
> We had 3 ideas initially on how to do this.
>
> *Exposing the consumer token to the browser*
> In this scenario, when the browser performs a login through SAML, we perform a token exchange using the saml2 grant type and obtain the access token and the refresh token. The access token will be sent to the browser client. The client will call the service with the access token.
>
> The caveat is that the token would be exposed to the client (since he can view it from the browser). The other would be handling the token expiry. Since we can't expose the client id & secret to the browser, we can't perform browser refreshes.
>
> *Jaggery Service Proxy*
> The front end will call an endpoint in Jaggery which calls the JAX-RS service from the backend. The SAML token will be translated for an OAuth token, but this will be kept in the session.
>
> The disadvantages are deployment complications. If the JAX-RS API and the Jaggery apps are deployed in 2 different servers, the Jaggery app hosting server needs to have visibility to the API server.
>
> *Implicit Grant Type*
> We thought of this option, but this was discarded because we can't perform this in respect to the saml2 grant type. The web app will have a SAML2 authentication, and the OAuth token exchange has to happen.
>
> What are your thoughts on this and what's the best way to achieve this?
>
> Cheers~
>
> --
> Dulitha Wijewantha (Chan)
> Software Engineer - Mobile Development
> WSO2 Inc
> Lean.Enterprise.Middleware
> ~Email [email protected]
> ~Mobile +94712112165
> ~Website dulitha.me <http://dulitha.me>
> ~Twitter @dulitharw <https://twitter.com/dulitharw>
> ~Github @dulichan <https://github.com/dulichan>
> ~SO @chan <http://stackoverflow.com/users/813471/chan>

--
With regards,
Manuranga Perera.
phone : 071 7 70 20 50
mail : [email protected]
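For readers following the thread, here is an added example (not code from the thread, from WSO2 or from the MDM product) of the browser-side half of the implicit grant that the reply above suggests. It makes concrete the two concerns raised in the quoted mail: the token is visible to the browser, so it is held only in memory and the response is checked (state, token type, expires_in) before use; and there is no refresh token, so expiry is tracked from expires_in and the page must re-run the authorization redirect rather than attempt a refresh. The authorization endpoint, client id, redirect URI and the List Devices path are assumed placeholders.

```javascript
// Added example: browser-side handling of an OAuth 2.0 implicit grant
// (response_type=token) for calling a JAX-RS API with a bearer token.
// Endpoint URLs, client_id and the API path below are assumed placeholders.

// Build the authorization redirect. "state" is a per-request random value the
// page stores before redirecting and checks when the token comes back.
function buildAuthorizeUrl(authorizeEndpoint, clientId, redirectUri, state, scope) {
  const u = new URL(authorizeEndpoint);
  u.searchParams.set('response_type', 'token');
  u.searchParams.set('client_id', clientId);
  u.searchParams.set('redirect_uri', redirectUri);
  u.searchParams.set('state', state);
  if (scope) u.searchParams.set('scope', scope);
  return u.toString();
}

// Parse the fragment the authorization server appends to the redirect URI,
// e.g. "#access_token=...&token_type=Bearer&expires_in=3600&state=...".
// The fragment never reaches the server, which is why the grant suits browser JS.
function parseImplicitFragment(hash) {
  const query = hash.startsWith('#') ? hash.slice(1) : hash;
  const out = {};
  for (const [k, v] of new URLSearchParams(query)) out[k] = v;
  return out;
}

// Validate the response before trusting it: reject error responses, a missing
// or non-bearer token, a state mismatch, and a missing/invalid lifetime.
// Returns an in-memory token record (never written to persistent storage).
function acceptTokenResponse(resp, expectedState, nowMs) {
  if (resp.error) throw new Error('authorization failed: ' + resp.error);
  if (!resp.access_token) throw new Error('no access_token in fragment');
  if ((resp.token_type || '').toLowerCase() !== 'bearer') throw new Error('unsupported token_type');
  if (!expectedState || resp.state !== expectedState) throw new Error('state mismatch');
  const ttl = Number(resp.expires_in);
  if (!Number.isFinite(ttl) || ttl <= 0) throw new Error('invalid expires_in');
  return { accessToken: resp.access_token, expiresAt: nowMs + ttl * 1000 };
}

// There is no refresh token in the implicit grant, so expiry is a hard stop:
// a small skew keeps the page from sending a token that expires in flight.
function isExpired(token, nowMs, skewMs = 30000) {
  return nowMs + skewMs >= token.expiresAt;
}

// The call the thread describes: the browser invoking the List Devices
// JAX-RS endpoint (assumed path) with the bearer token. Returns null when the
// token is expired, signalling the caller to redirect to buildAuthorizeUrl again.
function buildDevicesRequest(token, nowMs) {
  if (isExpired(token, nowMs)) return null;
  return {
    url: 'https://api.example.test/mdm/devices',
    method: 'GET',
    headers: { Authorization: 'Bearer ' + token.accessToken, Accept: 'application/json' },
  };
}

// Constructed walk-through with a made-up fragment (no real server involved).
function demo() {
  const state = 'c0ffee42';                      // would be random in a real page
  const redirect = buildAuthorizeUrl('https://is.example.test/oauth2/authorize',
    'mdm-web', 'https://mdm.example.test/cb', state, 'device:list');
  const fragment = '#access_token=abc123&token_type=Bearer&expires_in=3600&state=' + state;
  const now = 1000000;
  const token = acceptTokenResponse(parseImplicitFragment(fragment), state, now);
  return {
    redirect,
    liveRequest: buildDevicesRequest(token, now),
    afterExpiry: buildDevicesRequest(token, token.expiresAt),
  };
}
```

In a real page the token record lives in a closure or module variable for the lifetime of the tab; when `buildDevicesRequest` returns null the page navigates to the authorize URL again, which is the implicit grant's substitute for the refresh the quoted mail says the browser cannot perform.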
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
