On Fri, Jun 24, 2016 at 4:19 PM, Amila De Silva <[email protected]> wrote:
> Hi Abimaran, > > If someone extends TokenGenerator interface, overriding other methods > won't have any effect. But by making signing and encoding public, users > have the option of only extending those steps (say that while using the > default generator) and create the JWT as needed. > +1. There were requirements to encode base64, base64url etc. So i believe it would be great if we let users to extend them as well. Thanks, sanjeewa. > > On Fri, Jun 24, 2016 at 3:50 PM, Abimaran Kugathasan <[email protected]> > wrote: > >> Hi Amila/Sanjeewa >> >> >> But, what is the usage of making encoding and signing as public method, >> they are supposed to withing token generation? If somebody customizes >> generating token, they have to write their own encoding and signing withing >> generateToken >> method. >> >> Why need to give separate method for them? >> >> On Fri, Jun 24, 2016 at 3:46 PM, Amila De Silva <[email protected]> wrote: >> >>> Encoding part has now been changed to a public method. Can do the same >>> for signing too. >>> >>> On Fri, Jun 24, 2016 at 3:35 PM, Sanjeewa Malalgoda <[email protected]> >>> wrote: >>> >>>> @Amila, while doing this shouldn't we move encoding and signing part >>>> also to JWT generator? >>>> Then users will get more flexibility to customize those behavior as >>>> well. >>>> >>>> Thanks, >>>> sanjeewa. >>>> >>>> On Fri, Jun 24, 2016 at 3:26 PM, Amila De Silva <[email protected]> >>>> wrote: >>>> >>>>> Hi All, >>>>> >>>>> In API Gateway , while generating a JWT in the request path, >>>>> TokenGenerator interface is used. Currently it supports the following two >>>>> method overloads; >>>>> >>>>> String generateToken(APIKeyValidationInfoDTO keyValidationInfoDTO, >>>>> String apiContext, String version) throws APIManagementException; >>>>> >>>>> String generateToken(APIKeyValidationInfoDTO keyValidationInfoDTO, >>>>> String apiContext, String version, >>>>> String accessToken) throws >>>>> APIManagementException; >>>>> >>>>> The topmost one was the first method added to the interface, and >>>>> second one was only added to address a limitation in the first one (As of >>>>> now first method is marked as a deprecate one). >>>>> >>>>> I suggest that we add the following method and deprecate both the >>>>> existing two methods; >>>>> >>>>> String generateToken(TokenValidationContext validationContext) throws >>>>> APIManagementException; >>>>> >>>>> Reasons for suggesting this change are >>>>> >>>>> 1. TokenValidationContext contain all the parameters used in the first >>>>> two methods. >>>>> >>>>> 2. JWT Generation happens at the KeyManager while executing >>>>> KeyValidationHandler. JWT Generation is the final phase of that handler, >>>>> and if we pass a TokenValidationContext to generateToken method, then >>>>> whatever the parameters that have been set in previous phases can be made >>>>> available at the JWT Generator (It's an object of the type >>>>> TokenValidationContext, that is passed across other phases in >>>>> KeyValidationHandler) >>>>> >>>>> Please share your thoughts on this. >>>>> >>>>> -- >>>>> *Amila De Silva* >>>>> >>>>> WSO2 Inc. >>>>> mobile :(+94) 775119302 >>>>> >>>>> >>>> >>>> >>>> -- >>>> >>>> *Sanjeewa Malalgoda* >>>> WSO2 Inc. >>>> Mobile : +94713068779 >>>> >>>> <http://sanjeewamalalgoda.blogspot.com/>blog >>>> :http://sanjeewamalalgoda.blogspot.com/ >>>> <http://sanjeewamalalgoda.blogspot.com/> >>>> >>>> >>>> >>> >>> >>> -- >>> *Amila De Silva* >>> >>> WSO2 Inc. >>> mobile :(+94) 775119302 >>> >>> >>> _______________________________________________ >>> Architecture mailing list >>> [email protected] >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>> >>> >> >> >> -- >> Thanks >> Abimaran Kugathasan >> Senior Software Engineer >> >> Email : [email protected] >> Mobile : +94 773922820 >> >> <http://stackoverflow.com/users/515034> >> <http://lk.linkedin.com/in/abimaran> >> <http://www.lkabimaran.blogspot.com/> <https://github.com/abimarank> >> <https://twitter.com/abimaran> >> >> >> _______________________________________________ >> Architecture mailing list >> [email protected] >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > > -- > *Amila De Silva* > > WSO2 Inc. > mobile :(+94) 775119302 > > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- *Sanjeewa Malalgoda* WSO2 Inc. Mobile : +94713068779 <http://sanjeewamalalgoda.blogspot.com/>blog :http://sanjeewamalalgoda.blogspot.com/ <http://sanjeewamalalgoda.blogspot.com/>
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
