@Amila, while doing this shouldn't we move encoding and signing part also to JWT generator? Then users will get more flexibility to customize those behavior as well.
Thanks, sanjeewa. On Fri, Jun 24, 2016 at 3:26 PM, Amila De Silva <[email protected]> wrote: > Hi All, > > In API Gateway , while generating a JWT in the request path, > TokenGenerator interface is used. Currently it supports the following two > method overloads; > > String generateToken(APIKeyValidationInfoDTO keyValidationInfoDTO, > String apiContext, String version) throws APIManagementException; > > String generateToken(APIKeyValidationInfoDTO keyValidationInfoDTO, > String apiContext, String version, > String accessToken) throws > APIManagementException; > > The topmost one was the first method added to the interface, and second > one was only added to address a limitation in the first one (As of now > first method is marked as a deprecate one). > > I suggest that we add the following method and deprecate both the existing > two methods; > > String generateToken(TokenValidationContext validationContext) throws > APIManagementException; > > Reasons for suggesting this change are > > 1. TokenValidationContext contain all the parameters used in the first two > methods. > > 2. JWT Generation happens at the KeyManager while executing > KeyValidationHandler. JWT Generation is the final phase of that handler, > and if we pass a TokenValidationContext to generateToken method, then > whatever the parameters that have been set in previous phases can be made > available at the JWT Generator (It's an object of the type > TokenValidationContext, that is passed across other phases in > KeyValidationHandler) > > Please share your thoughts on this. > > -- > *Amila De Silva* > > WSO2 Inc. > mobile :(+94) 775119302 > > -- *Sanjeewa Malalgoda* WSO2 Inc. Mobile : +94713068779 <http://sanjeewamalalgoda.blogspot.com/>blog :http://sanjeewamalalgoda.blogspot.com/ <http://sanjeewamalalgoda.blogspot.com/>
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
