Hi all, The use case in accessing Stream Processor API's are as follows,
1. Dashboard front end APIs These are API's which the user users to access dashboards he/she will create. These will be protected by using an Authentication API through which the access token obtained by the login will be split into 2 and saved as cookies. Authentication API will act as a proxy for the IdPClient OSGi service. 2. Dashboard back end API's These will use the IdPClient OSGi service to get the access tokens using client credential grant type which can be used to access other API's with Bearer authorization headers. 2. Databridge Here, the data bridge authentication is only done through basic authentication. Oauth2 token validation is mocked through passing token requests using password grant type. This is because the events will be sent with Basic authorization headers and not with Bearer headers For more info in SP IdP integration please refer[1]. @Identity-Team, Could you provide feedback on the mechanisms used in securing API's. [1] [Architecture] Securing Product Apis and Product artifacts in Stream Processor -- Best Regards, *Niveathika Rajendran,* *Software Engineer.* *Mobile : +94 077 903 7536*
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
