On Fri, Feb 3, 2017 at 8:32 AM, Johann Nallathamby <[email protected]> wrote:
> > > On Thu, Feb 2, 2017 at 11:38 PM, Gayan Gunawardana <[email protected]> wrote: > >> >> >> On Thu, Feb 2, 2017 at 7:59 PM, Indunil Upeksha Rathnayake < >> [email protected]> wrote: >> >>> Hi, >>> >>> Having a way to check whether a user exists, will be useful for some >>> scenarios(ex: user sign-up). >>> >>> We can check user existence from Identity store level, by passing a set >>> of user claims. And can use the claims to check user existence, since in >>> identity store level, we can check whether a certain claim URI supported by >>> the domain and also whether a claim is an unique attribute claim for the >>> connector. (Please refer PR in [1] ) >>> >>> But for connector level we have attributes. As an example, when we are >>> adding a user, we are passing a list with attributes[2]. So that in >>> connector level, we don't have any idea about the unique claims. If there >>> is a way to identify the unique claim set in connector level, we can check >>> for duplicate entries in that level and pass an exception. >>> >>> [1] https://github.com/wso2/carbon-identity-mgt/pull/119/commits >>> /c36b3b68c6805f25ae1e3b4e9cee8992297bbc57 >>> [2] https://github.com/wso2-extensions/carbon-security-user-stor >>> e-jdbc/blob/master/components/org.wso2.carbon.identity.mgt.s >>> tore.connector.jdbc/src/main/java/org/wso2/carbon/identity/m >>> gt/store/connector/jdbc/connector/JDBCIdentityStoreConnector.java#L521 >>> >>> Thanks and Regards >>> >>> On Wed, Feb 1, 2017 at 9:08 PM, Prabath Siriwardena <[email protected]> >>> wrote: >>> >>>> But.. this is returning back the whole user object...? >>>> >>> Yes this return whole user object and need to authenticate against SCIM >> end point. Since self sign-up user does not have credentials to >> authenticate against SCIM end points some portal application is required. >> Another approach is sending anonymous unauthenticated request to /Me end >> point and consider 409 as user already exist. IMO API level better option >> would be to build some custom implementation on top of /Me end point to >> check whether user exist. >> > > /me may not be the right endpoint to do this IMO. /me is for operations a > user does on himself. Checking whether a username exists in the system may > not be suitable for /me. Can it be part of /users endpoint? > Yes Johann I accept the fact that /me endpoint should not talk about other users identities. For the given requirement this is the answer I got from [email protected]. *1. Just try HTTP POST to create the user and if there is a conflict, it gets rejected. This is probably easiest.* *2. Use GET /Users?filter="(userName eq \”val\”)”&attributes=id. If you can no records return there were no matches. If you get a return, it is in use. Note, either way, you will get a successful response.* *Note, I suspect it is possible that despite checking with #2, you might still get a rejection when you POST. This might be due to a reserve or lock on the username or other identifier.* *Your rights as an administrative client will also impact what you get back with the query in particular. For example, if you are querying anonymously, you might get no matches because the service provider has determined it is not going to answer your and confirm presence or not of the match.* *Likewise, many service providers will have DoS and other security restrictions on what clients can register. * *E.g. to moderate the need for “anonymous” registration, a mobile app could register with the service provider to obtain a “public” OAuth client credential that gives the mobile client the right to register a new user profile on behalf of the user (e.g. by using profile data from the mobile phone).* > > >> >>>> Thanks & regards, >>>> -Prabath >>>> >>>> >>>> On Wed, Feb 1, 2017 at 2:41 AM, Gayan Gunawardana <[email protected]> >>>> wrote: >>>> >>>>> Hi Prabath, >>>>> >>>>> On Wed, Feb 1, 2017 at 1:47 AM, Prabath Siriwardena <[email protected]> >>>>> wrote: >>>>> >>>>>> This seems to be a common requirement and its better to provide an >>>>>> optimized operation for this.. even at the REST API level ? Do we have >>>>>> one >>>>>> in SCIM? >>>>>> >>>>> From SCIM API level we have this support. >>>>> https://<host>:<port>/Users?filter=userName+EQ+Prabath >>>>> >>>>> >>>>>> During the user sign up process - people need to see whether the >>>>>> username is picked by the user is available before asking for the >>>>>> details.. >>>>>> >>>>>> Thanks & regards, >>>>>> -Prabath >>>>>> >>>>>> On Thu, Jan 26, 2017 at 11:28 PM, Lahiru Manohara <[email protected]> >>>>>> wrote: >>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> We can use getUser method to check whether the user exists in user >>>>>>> stores. But do we have any optimized method to do this operation? >>>>>>> >>>>>>> Best Regards, >>>>>>> -- >>>>>>> *Lahiru Manohara* >>>>>>> *Software Engineer* >>>>>>> Mobile: +94716561576 >>>>>>> WSO2 Inc. | http://wso2.com >>>>>>> lean.enterprise.middleware >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Architecture mailing list >>>>>>> [email protected] >>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Thanks & Regards, >>>>>> Prabath >>>>>> >>>>>> Twitter : @prabath >>>>>> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena >>>>>> >>>>>> Mobile : +1 650 625 7950 <%28650%29%20625-7950> >>>>>> >>>>>> http://facilelogin.com >>>>>> >>>>>> _______________________________________________ >>>>>> Architecture mailing list >>>>>> [email protected] >>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Gayan Gunawardana >>>>> Software Engineer; WSO2 Inc.; http://wso2.com/ >>>>> Email: [email protected] >>>>> Mobile: +94 (71) 8020933 >>>>> >>>> >>>> >>>> >>>> -- >>>> Thanks & Regards, >>>> Prabath >>>> >>>> Twitter : @prabath >>>> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena >>>> >>>> Mobile : +1 650 625 7950 <%28650%29%20625-7950> >>>> >>>> http://facilelogin.com >>>> >>>> _______________________________________________ >>>> Architecture mailing list >>>> [email protected] >>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>> >>>> >>> >>> >>> -- >>> Indunil Upeksha Rathnayake >>> Software Engineer | WSO2 Inc >>> Email [email protected] >>> Mobile 0772182255 >>> >> >> >> >> -- >> Gayan Gunawardana >> Software Engineer; WSO2 Inc.; http://wso2.com/ >> Email: [email protected] >> Mobile: +94 (71) 8020933 >> > > > > -- > Thanks & Regards, > > *Johann Dilantha Nallathamby* > Technical Lead & Product Lead of WSO2 Identity Server > Governance Technologies Team > WSO2, Inc. > lean.enterprise.middleware > > Mobile - *+94777776950* > Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* > -- Gayan Gunawardana Software Engineer; WSO2 Inc.; http://wso2.com/ Email: [email protected] Mobile: +94 (71) 8020933
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
