+1. Also these set of authenticators should be used to secure any REST endpoint that we expose, not only OAuth2. WDYT? E.g. in SCIM endpoint the authentication is baked into the SCIM code, although it has a concept of handlers. I think all these restful authentication mechanisms must unify and come under a single framework.
On Mon, Feb 22, 2016 at 11:24 AM, Prabath Siriwardana <[email protected]> wrote: > At the moment we are coupled into HTTP basic authentication > with client_id/client_secret , which is not right.. > > Can we decouple this from the token endpoint..? And we should able to > develop these authenticators as independent connectors.. > > WDYT...? > > -- > Thanks & Regards, > Prabath > > Twitter : @prabath > LinkedIn : http://www.linkedin.com/in/prabathsiriwardena > > Mobile : +1 650 625 7950 > > http://blog.facilelogin.com > http://blog.api-security.org > -- Thanks & Regards, *Johann Dilantha Nallathamby* Technical Lead & Product Lead of WSO2 Identity Server Governance Technologies Team WSO2, Inc. lean.enterprise.middleware Mobile - *+94777776950* Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
