Hi Amila/Sanjeewa
But, what is the usage of making encoding and signing as public method, they are supposed to withing token generation? If somebody customizes generating token, they have to write their own encoding and signing withing generateToken method. Why need to give separate method for them? On Fri, Jun 24, 2016 at 3:46 PM, Amila De Silva <[email protected]> wrote: > Encoding part has now been changed to a public method. Can do the same for > signing too. > > On Fri, Jun 24, 2016 at 3:35 PM, Sanjeewa Malalgoda <[email protected]> > wrote: > >> @Amila, while doing this shouldn't we move encoding and signing part also >> to JWT generator? >> Then users will get more flexibility to customize those behavior as well. >> >> Thanks, >> sanjeewa. >> >> On Fri, Jun 24, 2016 at 3:26 PM, Amila De Silva <[email protected]> wrote: >> >>> Hi All, >>> >>> In API Gateway , while generating a JWT in the request path, >>> TokenGenerator interface is used. Currently it supports the following two >>> method overloads; >>> >>> String generateToken(APIKeyValidationInfoDTO keyValidationInfoDTO, >>> String apiContext, String version) throws APIManagementException; >>> >>> String generateToken(APIKeyValidationInfoDTO keyValidationInfoDTO, >>> String apiContext, String version, >>> String accessToken) throws >>> APIManagementException; >>> >>> The topmost one was the first method added to the interface, and second >>> one was only added to address a limitation in the first one (As of now >>> first method is marked as a deprecate one). >>> >>> I suggest that we add the following method and deprecate both the >>> existing two methods; >>> >>> String generateToken(TokenValidationContext validationContext) throws >>> APIManagementException; >>> >>> Reasons for suggesting this change are >>> >>> 1. TokenValidationContext contain all the parameters used in the first >>> two methods. >>> >>> 2. JWT Generation happens at the KeyManager while executing >>> KeyValidationHandler. JWT Generation is the final phase of that handler, >>> and if we pass a TokenValidationContext to generateToken method, then >>> whatever the parameters that have been set in previous phases can be made >>> available at the JWT Generator (It's an object of the type >>> TokenValidationContext, that is passed across other phases in >>> KeyValidationHandler) >>> >>> Please share your thoughts on this. >>> >>> -- >>> *Amila De Silva* >>> >>> WSO2 Inc. >>> mobile :(+94) 775119302 >>> >>> >> >> >> -- >> >> *Sanjeewa Malalgoda* >> WSO2 Inc. >> Mobile : +94713068779 >> >> <http://sanjeewamalalgoda.blogspot.com/>blog >> :http://sanjeewamalalgoda.blogspot.com/ >> <http://sanjeewamalalgoda.blogspot.com/> >> >> >> > > > -- > *Amila De Silva* > > WSO2 Inc. > mobile :(+94) 775119302 > > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Thanks Abimaran Kugathasan Senior Software Engineer Email : [email protected] Mobile : +94 773922820 <http://stackoverflow.com/users/515034> <http://lk.linkedin.com/in/abimaran> <http://www.lkabimaran.blogspot.com/> <https://github.com/abimarank> <https://twitter.com/abimaran>
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
