Problem
------------
The Store / Publisher ReST APIs in WSO2 App Manager are being re-written, adopting Apache CXF. These APIs should be protected using OAuth.
Proposed Solution
-------------------------
(Please see the attached diagrams)
*Dynamic Client Registration (DCR) and Token Management*
There will be a web app (oauth-provide.war) which provides the following
functionalities.
i) Dynamic client registration (DCR)
ii) Token management. (e.g. token generation, token revocation)
*Token Validation*
A CXF interceptor will be engaged to the Store / Publisher ReST API
endpoints. This interceptor will handle token validation.
*Authorization*
OAuth scopes will be used to manage authorization. The implementation will
be the same scopes implementation as the WSO2 API Manager ReST APIs [1]
Thanks
Rushmin
[1] http://wso2.com/library/articles/2015/11/article-introducing-wso2-api-manager-new-rest-api-for-store-and-publisher-operations/
--
*Rushmin Fernando*
*Technical Lead*
WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware
email : [email protected]
mobile : +94772310855
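
The token validation and scope-based authorization steps proposed above, sketched as a CXF in-interceptor. This is an added example, not code from the original message or from WSO2: `OAuthScopeInterceptor`, `TokenValidator` and the verb/path-to-scope map are hypothetical, and it assumes a JAX-RS endpoint using the `javax.ws.rs` API.

```java
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.ws.rs.core.Response;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;

public class OAuthScopeInterceptor extends AbstractPhaseInterceptor<Message> {
    /** Hypothetical client for the token-management web app. */
    public interface TokenValidator {
        /** Scopes of an active token, or null if it is unknown, expired or revoked. */
        Set<String> activeScopes(String accessToken);
    }

    private final TokenValidator validator;
    /** Constructed mapping: "VERB /path-prefix" (path as CXF reports it) -> required scope. */
    private final Map<String, String> requiredScopes;

    public OAuthScopeInterceptor(TokenValidator validator, Map<String, String> requiredScopes) {
        super(Phase.PRE_INVOKE); // runs before the resource method is invoked
        this.validator = validator;
        this.requiredScopes = requiredScopes;
    }

    @Override
    @SuppressWarnings("unchecked")
    public void handleMessage(Message message) {
        Map<String, List<String>> headers =
                (Map<String, List<String>>) message.get(Message.PROTOCOL_HEADERS);
        List<String> auth = headers == null ? null : headers.get("Authorization");
        String value = (auth == null || auth.isEmpty()) ? "" : auth.get(0).trim();
        if (!value.regionMatches(true, 0, "Bearer ", 0, 7)) { abort(message, 401, "Bearer"); return; }
        Set<String> granted = validator.activeScopes(value.substring(7).trim());
        if (granted == null) { abort(message, 401, "Bearer error=\"invalid_token\""); return; }
        String verb = (String) message.get(Message.HTTP_REQUEST_METHOD);
        String path = (String) message.get(Message.PATH_INFO);
        String needed = null;
        int best = -1; // the longest matching path prefix wins
        for (Map.Entry<String, String> e : requiredScopes.entrySet()) {
            String[] key = e.getKey().split(" ", 2);
            if (key.length == 2 && key[0].equalsIgnoreCase(verb) && path != null
                    && path.startsWith(key[1]) && key[1].length() > best) {
                best = key[1].length();
                needed = e.getValue();
            }
        }
        // Deny by default: a resource with no mapped scope is not served.
        if (needed == null || !granted.contains(needed)) abort(message, 403, "Bearer error=\"insufficient_scope\"");
    }

    /** Placing a Response on the exchange makes CXF return it instead of invoking the resource. */
    private static void abort(Message m, int status, String challenge) {
        m.getExchange().put(Response.class, Response.status(status).header("WWW-Authenticate", challenge).build());
    }
}
```

The 401/403 split and the `invalid_token` / `insufficient_scope` error codes follow RFC 6750.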
