Hi Sameera, This does not ship with IS 5.1.0. If we deploy the introspect web app in IS 5.1.0 - it will work fine..
Since this is a JWT, please add embedded token validation to MSS too... Thanks & regards, -Prabath On Fri, Dec 18, 2015 at 6:36 AM, Sameera Jayasoma <[email protected]> wrote: > Hi Johann/Prabath, > > Do we have the introspect endpoint in WSO2 IS 5.1.0? > > Thanks, > Sameera. > > On Tue, Nov 24, 2015 at 3:16 PM, Prabath Siriwardana <[email protected]> > wrote: > >> Hi Sameera, >> >> Its a JSON response - so we can write our own... >> >> Thanks & regards, >> -Prabath >> >> On Tue, Nov 24, 2015 at 1:30 AM, Sameera Jayasoma <[email protected]> >> wrote: >> >>> Hi Prabath, >>> >>> Do we have client libraries process the response from introspection >>> endpoint? >>> >>> Thanks, >>> Sameera. >>> >>> On Wed, Nov 18, 2015 at 3:20 PM, Prabath Siriwardana <[email protected]> >>> wrote: >>> >>>> Hi Sameera, >>>> >>>> As we discussed during the WSO2Con, I have implemented RFC 7662, with >>>> some TODOs for IS 5.1.0. >>>> >>>> You can build it from >>>> https://svn.wso2.org/repos/wso2/people/prabath/mss-security/org.wso2.carbon.identity.oauth.introspection >>>> and deploy it as a war file in IS 5.1.0 latest build. >>>> >>>> You can download the latest IS build from >>>> https://svn.wso2.org/repos/wso2/people/hasintha/pre-RC1/wso2is-5.1.0-SNAPSHOT.zip >>>> . >>>> >>>> Now we need to build a JWT token builder to IS - I guess we can reuse >>>> the component already developed by Dinusha. >>>> >>>> Please find below the usage of the introspection API. >>>> >>>> 1. Empty Token: >>>> >>>> curl -k -H 'Content-Type: application/x-www-form-urlencoded' -X POST >>>> --data 'token=' https://idp1.federationhub.org:9443/introspect >>>> >>>> Response: >>>> >>>> {"active":false} >>>> >>>> 2. Invalid Token >>>> >>>> curl -k -H 'Content-Type: application/x-www-form-urlencoded' -X POST >>>> --data 'token=Bjhk98792k9hkjhk' >>>> https://idp1.federationhub.org:9443/introspect >>>> >>>> Response: >>>> >>>> {"active":false,"token_type":"bearer"} >>>> >>>> 3. Valid Token >>>> >>>> 3.1 Get a token first: >>>> >>>> curl -v -X POST --basic -u >>>> LUG28MI5yjL5dATxQWdYGhDLSywa:b855n2UIxixrl_MN_juUuG7cnTUa -H "Content-Type: >>>> application/x-www-form-urlencoded;charset=UTF-8" -k -d >>>> "grant_type=client_credentials" https://localhost:9443/oauth2/token >>>> >>>> 3.1.1 Validate the token >>>> >>>> curl -k -H 'Content-Type: application/x-www-form-urlencoded' -X POST >>>> --data 'token=99f0a7092c71a6e772cbcf77addd39ea' >>>> https://idp1.federationhub.org:9443/introspect >>>> >>>> Response: >>>> >>>> { >>>> "username":"[email protected]", >>>> "nbf":3272, >>>> "active":true, >>>> "token_type":"bearer", >>>> "client_id":"LUG28MI5yjL5dATxQWdYGhDLSywa" >>>> } >>>> >>>> 3.2 Get a token with scopes >>>> >>>> curl -v -X POST --basic -u >>>> LUG28MI5yjL5dATxQWdYGhDLSywa:b855n2UIxixrl_MN_juUuG7cnTUa -H "Content-Type: >>>> application/x-www-form-urlencoded;charset=UTF-8" -k -d >>>> "grant_type=client_credentials&scope=test1 test2" >>>> https://localhost:9443/oauth2/token >>>> >>>> 3.2.1 Validate the token >>>> >>>> curl -k -H 'Content-Type: application/x-www-form-urlencoded' -X POST >>>> --data 'token=c78ac96fe9b59061b53d0223d46ecc24' >>>> https://idp1.federationhub.org:9443/introspec >>>> >>>> Response: >>>> >>>> { >>>> "username":"[email protected]", >>>> "scope":"test1 test2 ", >>>> "nbf":3240, >>>> "active":true, >>>> "token_type":"bearer", >>>> "client_id":"LUG28MI5yjL5dATxQWdYGhDLSywa" >>>> } >>>> >>>> -- >>>> Thanks & Regards, >>>> Prabath >>>> >>>> Twitter : @prabath >>>> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena >>>> >>>> Mobile : +1 650 625 7950 >>>> >>>> http://blog.facilelogin.com >>>> http://blog.api-security.org >>>> >>> >>> >>> >>> -- >>> Sameera Jayasoma, >>> Software Architect, >>> >>> WSO2, Inc. (http://wso2.com) >>> email: [email protected] >>> blog: http://blog.sameera.org >>> twitter: https://twitter.com/sameerajayasoma >>> flickr: http://www.flickr.com/photos/sameera-jayasoma/collections >>> Mobile: 0094776364456 >>> >>> Lean . Enterprise . Middleware >>> >>> >> >> >> -- >> Thanks & Regards, >> Prabath >> >> Twitter : @prabath >> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena >> >> Mobile : +1 650 625 7950 >> >> http://blog.facilelogin.com >> http://blog.api-security.org >> > > > > -- > Sameera Jayasoma, > Software Architect, > > WSO2, Inc. (http://wso2.com) > email: [email protected] > blog: http://blog.sameera.org > twitter: https://twitter.com/sameerajayasoma > flickr: http://www.flickr.com/photos/sameera-jayasoma/collections > Mobile: 0094776364456 > > Lean . Enterprise . Middleware > > -- Thanks & Regards, Prabath Twitter : @prabath LinkedIn : http://www.linkedin.com/in/prabathsiriwardena Mobile : +1 650 625 7950 http://blog.facilelogin.com http://blog.api-security.org
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
