Hi All,
In API Gateway , while generating a JWT in the request path, TokenGenerator
interface is used. Currently it supports the following two method overloads;
String generateToken(APIKeyValidationInfoDTO keyValidationInfoDTO,
String apiContext, String version) throws APIManagementException;
String generateToken(APIKeyValidationInfoDTO keyValidationInfoDTO,
String apiContext, String version,
String accessToken) throws
APIManagementException;
The topmost one was the first method added to the interface, and second one
was only added to address a limitation in the first one (As of now first
method is marked as a deprecate one).
I suggest that we add the following method and deprecate both the existing
two methods;
String generateToken(TokenValidationContext validationContext) throws
APIManagementException;
Reasons for suggesting this change are
1. TokenValidationContext contain all the parameters used in the first two
methods.
2. JWT Generation happens at the KeyManager while executing
KeyValidationHandler. JWT Generation is the final phase of that handler,
and if we pass a TokenValidationContext to generateToken method, then
whatever the parameters that have been set in previous phases can be made
available at the JWT Generator (It's an object of the type
TokenValidationContext, that is passed across other phases in
KeyValidationHandler)
Please share your thoughts on this.
--
*Amila De Silva*
WSO2 Inc.
mobile :(+94) 775119302
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
