Hi all,

We are working on detecting abnormal access token refreshing to detect if the credentials are being misused.

The current implementation is as follows. For each access token refresh, an event would be triggered from APIM to DAS. The average time difference between token refreshes per consumerID (per Application) would be stored as the average refresh time for the consumerID. If an abnormal access token refresh comes, it will be detected by measuring whether it lies within the average refresh time range (the percentile values would be provided by the user), and if it doesn't, a pre-configured alert would be sent out.

WDYT?

Thanks,
Sachith

--
Sachith Withana
Software Engineer; WSO2 Inc.; http://wso2.com
E-mail: sachith AT wso2.com
M: +94715518127
Linked-In: https://lk.linkedin.com/in/sachithwithana
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
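The per-consumerID check proposed in the message above, sketched as an added example; it is not code from the post or from WSO2 APIM/DAS. Assumptions: events arrive as (consumerID, epoch seconds) pairs, the user-supplied percentiles are 5 and 95, the band is computed from stored interval history rather than a single average, and no alert fires until five intervals have been seen; all names and sample events are constructed.

```python
from collections import defaultdict
from statistics import quantiles

# Constructed sample events: (consumerID, refresh time in epoch seconds).
EVENTS = [("app-A", t) for t in (0, 3600, 7190, 10800, 14410, 18000, 21590, 25200)]
EVENTS += [("app-A", 25260)]          # refresh only 60 s after the previous one
EVENTS += [("app-B", t) for t in (100, 1900, 3700)]  # too little history to judge


class RefreshMonitor:
    """Flags token refreshes whose interval falls outside a percentile band."""

    def __init__(self, low_pct=5, high_pct=95, min_samples=5):
        self.low_pct, self.high_pct = low_pct, high_pct
        self.min_samples = min_samples        # assumed warm-up threshold
        self.last_seen = {}                   # consumerID -> last refresh time
        self.intervals = defaultdict(list)    # consumerID -> accepted intervals

    def band(self, consumer_id):
        """Return (low, high) interval bounds, or None without enough history."""
        history = self.intervals[consumer_id]
        if len(history) < self.min_samples:
            return None
        cuts = quantiles(history, n=100, method="inclusive")  # 99 cut points
        return cuts[self.low_pct - 1], cuts[self.high_pct - 1]

    def observe(self, consumer_id, ts):
        """Process one refresh event; return an alert dict or None."""
        prev = self.last_seen.get(consumer_id)
        self.last_seen[consumer_id] = ts
        if prev is None:
            return None                       # first refresh: no interval yet
        interval = ts - prev
        band = self.band(consumer_id)
        if band and not (band[0] <= interval <= band[1]):
            return {"consumerID": consumer_id, "interval": interval, "band": band}
        # Only in-band (or warm-up) intervals update the baseline, so a burst
        # of abnormal refreshes cannot drag the band towards itself.
        self.intervals[consumer_id].append(interval)
        return None


def run(events):
    """Replay events in time order and collect the alerts raised."""
    monitor = RefreshMonitor()
    return [a for cid, ts in sorted(events, key=lambda e: e[1])
            if (a := monitor.observe(cid, ts))]
```

A consumerID with very regular refreshes produces a narrow band, so small jitter can alert; widening the percentiles or adding a tolerance margin is a tuning decision for the deployment.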
