Yes, my bad, you can use the JWT grant type and get the access token in JWT
format.
one more question,
I know right now we generate a access token for an application, I assume
POST /applications/{applicationId}/generate-tokens
is for that ? do we have to do that ? Usually we should encourage anyone to
get their access token to access the API, even for testing purposes.
Worst case if someone needs they can use the API Key for this (once we have
it) and is allowed by the API ?
Regards,
/Nuwan
On Thu, Jul 6, 2017 at 2:57 PM, Chintana Wilamuna <[email protected]> wrote:
> This API is about controlling application and associated token types
> right? Different token types are then generated at API subscription time by
> consumers with a specific grant type correct?
>
> Isuru, IMO it's sort of implied.
>
> -Chintana
>
> On Thu, Jul 6, 2017 at 10:33 AM, Nuwan Bandara <[email protected]> wrote:
>
>> Guys, also this is not directly related to the API design and as Isuru
>> said we will have to think about different token types. At present many
>> users ask for JWT tokens as oppose random string tokens. So should we think
>> about the type too ?
>>
>> On Fri, Jun 30, 2017 at 12:35 AM, Isuru Haththotuwa <[email protected]>
>> wrote:
>>
>>> Just a thought; since we are going to support Key types other than OAuth
>>> for API invocation, should we consider renaming the rest resources to
>>> indicate that this is about generating OAuth keys/tokens?
>>>
>>> On Wed, Jun 28, 2017 at 1:37 PM, Bhathiya Jayasekara <[email protected]>
>>> wrote:
>>>
>>>> Hi all,
>>>>
>>>> As discussed in [1], I split generate keys operation into 2, and added
>>>> "provide-keys" operation for semi-manual client registration. Here is the
>>>> final list with sample requests and responses.
>>>>
>>>>
>>>> POST /applications/{applicationId}/generate-keys
>>>>
>>>> {
>>>> "keyType": "PRODUCTION",
>>>> "grantTypesToBeSupported": [
>>>> "client-credentials", "password"
>>>> ],
>>>> "callbackUrl": "http://localhost/callback"}
>>>>
>>>>
>>>> Response
>>>>
>>>> {
>>>> "consumerKey": "xxxxxxxxxxxxxxxxxx",
>>>> "consumerSecret": "yyyyyyyyyyyyyyyyyyy",
>>>> "supportedGrantTypes": [
>>>> "client-credentials", "password"
>>>> ],
>>>> "callbackUrl": "http://localhost/callback";,
>>>> "keyType": "PRODUCTION"}
>>>>
>>>>
>>>>
>>>> POST /applications/{applicationId}/provide-keys
>>>>
>>>> {
>>>> "consumerKey": "xxxxxxxxxxxxxxxxxxxx",
>>>> "consumerSecret": "yyyyyyyyyyyyyyyyyyy",
>>>> "keyType": "PRODUCTION"}
>>>>
>>>>
>>>> Response
>>>>
>>>> {
>>>> "consumerKey": "xxxxxxxxxxxxxxxxxx",
>>>> "consumerSecret": "yyyyyyyyyyyyyyyyyyy",
>>>> "supportedGrantTypes": [
>>>> "client-credentials", "password"
>>>> ],
>>>> "callbackUrl": "http://localhost/callback";,
>>>> "keyType": "PRODUCTION"}
>>>>
>>>>
>>>>
>>>> POST /applications/{applicationId}/generate-tokens
>>>>
>>>> {
>>>> "consumerKey": "xxxxxxxxxxxxxxxxxxxxx",
>>>> "consumerSecret": "yyyyyyyyyyyyyyyyyyyyyy",
>>>> "validityPeriod": 3600,
>>>> "scopes": "read write delete",
>>>> "revokeToken": "zzzzzzzzzzzzzzzzzzzzz"}
>>>>
>>>>
>>>> Response
>>>>
>>>> {
>>>> "accessToken": "aaaaaaaaaaaaaaaaaaaaaaaaa",
>>>> "tokenScopes": "read write",
>>>> "validityTime": 3600}
>>>>
>>>>
>>>>
>>>> [1] [APIM][C5] Splitting "Generate Keys" operation in Store REST API
>>>>
>>>> Thanks,
>>>> --
>>>> *Bhathiya Jayasekara*
>>>> *Associate Technical Lead,*
>>>> *WSO2 inc., http://wso2.com <http://wso2.com>*
>>>>
>>>> *Phone: +94715478185 <071%20547%208185>*
>>>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj
>>>> <http://www.linkedin.com/in/bhathiyaj>*
>>>> *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>*
>>>> *Blog: http://movingaheadblog.blogspot.com
>>>> <http://movingaheadblog.blogspot.com/>*
>>>>
>>>
>>>
>>>
>>> --
>>> Thanks and Regards,
>>>
>>> Isuru H.
>>> +94 716 358 048 <071%20635%208048>* <http://wso2.com/>*
>>>
>>>
>>>
>>
>>
>> --
>>
>>
>> *Thanks & Regards,*
>> *Nuwan Bandara | Director - **Solutions Architecture, WSO2 Inc.*
>> *+1 646 643 8618 <(646)%20643-8618> | +1 650 745 2169 Ext 4212
>> <(650)%20745-2169> | http://nuwanbando.com <http://nuwanbando.com> *
>> <http://www.nuwanbando.com/>
>>
>
>
>
> --
> Chintana Wilamuna | Associate Director/Solutions Architect | WSO2
> <http://wso2.com/> Inc.
> 408 429 3321 | http://engwar.com/
>
>
--
*Thanks & Regards,*
*Nuwan Bandara | Director - **Solutions Architecture, WSO2 Inc.*
*+1 646 643 8618 | +1 650 745 2169 Ext 4212 | http://nuwanbando.com
<http://nuwanbando.com> *
<http://www.nuwanbando.com/>
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
