Hi Youcef,

> Can you please tell me what are the differences between OpenID Connect &
> OAuth 2.0 federated authenticators ?
>
> The links for these two authenticators [1] refer to the same component
> [2].

Actually OAuth 2.0 is an authorization framework that is capable of providing a way for clients to access a resource with restricted access on behalf of the resource owner, while OIDC facilitates clients to verify the end-user identity against the authentication performed by an authorization server. At the same time, OIDC provides methods to transfer the end user information through claims. The OIDC protocol is built on top of the OAuth2 protocol.

> We have an OAuth2 server with these endpoints [3]. Can I use this connector
> [2] ?
>
> I do not know what to put for the two fields:
> - OpenID Connect User ID Location
> - Additional Query Parameters

As you are using an OAuth server, you can keep the second field empty and keep the default setting for the 'OpenID Connect User ID Location'.

> Also there is no userinfo endpoint. And in this case how to get user
> attributes ?

As I mentioned above, we need to use the OpenID protocol to get end user attributes, as the purpose of OAuth is to provide accessibility for a resource with restricted access.

> Should I use Introspect endpoint ?

OAuth 2.0 Token Introspection defines a protocol that allows authorized protected resources to query the authorization server to determine the set of metadata for a given token that was presented to them by an OAuth client. So the response will contain few claims, such as user name, but from this endpoint there is no way to get the whole set of user claims. So our recommendation here is to use an OIDC server in order to obtain the user claims.

Thanks,

On Mon, Dec 11, 2017 at 12:46 AM, Youcef HILEM <[email protected]> wrote:

> Hi WSO2 IS Team,
>
> Can you please tell me what are the differences between OpenID Connect &
> OAuth 2.0 federated authenticators ?
>
> The links for these two authenticators [1] refer to the same component
> [2].
>
> We have an OAuth2 server with these endpoints [3]. Can I use this connector
> [2] ?
>
> I do not know what to put for the two fields:
> - OpenID Connect User ID Location
> - Additional Query Parameters
>
> Also there is no userinfo endpoint. And in this case how to get user
> attributes ? Should I use Introspect endpoint ? If so, then I must develop a
> specific authenticator for our case.
>
> [1] Federated Authentication -
> https://docs.wso2.com/display/IS530/Federated+Authentication
> [2] Configuring OAuth2-OpenID Connect -
> https://docs.wso2.com/display/IS530/Configuring+OAuth2-OpenID+Connect
> [3] IBM Security Access Manager 9.0.3.1 - OAuth 2.0 endpoints -
> https://www.ibm.com/support/knowledgecenter/en/SSPREK_9.0.3.1/com.ibm.isam.doc/config/concept/OAuthEndpoints.html#oauthendpoints
>
> Thanks
> Youcef HILEM
>
> --
> Sent from: http://wso2-oxygen-tank.10903.n7.nabble.com/WSO2-Architecture-f62919.html
> _______________________________________________
> Architecture mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

--
Hasanthi Dissanayake
Senior Software Engineer | WSO2
E: [email protected]
M: 0718407133 | http://wso2.com
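The point made in the reply about Token Introspection, as an added example that is not part of the original thread and is not WSO2 or IBM code: a resource server can take a user identifier from an RFC 7662 introspection response, but the profile attributes an OIDC server would supply are simply not there. The sample responses, the function name and the requested claim list are constructed for illustration.

```python
import json
import time

# Top-level members defined by RFC 7662 section 2.2 (all but "active" optional).
RFC7662_MEMBERS = {"active", "scope", "client_id", "username", "token_type",
                   "exp", "iat", "nbf", "sub", "aud", "iss", "jti"}

# Constructed sample responses, not captured from any real server.
SAMPLE_ACTIVE = json.dumps({
    "active": True, "scope": "read", "client_id": "example-client",
    "username": "jdoe", "sub": "user-1234", "token_type": "bearer",
    "exp": 2000000000, "iat": 1600000000,
})
SAMPLE_INACTIVE = json.dumps({"active": False})


def user_from_introspection(raw, wanted_claims, now=None):
    """Return (user_id, found, missing) for an introspection response.

    Raises PermissionError for an inactive or expired token and
    LookupError when the response names no user at all.
    """
    now = time.time() if now is None else now
    resp = json.loads(raw)
    # "active" must be the JSON boolean true; anything else is a rejection.
    if resp.get("active") is not True:
        raise PermissionError("token is not active")
    exp = resp.get("exp")
    if exp is not None and exp <= now:
        raise PermissionError("token has expired")
    # Prefer the stable subject identifier over the display user name.
    user_id = resp.get("sub") or resp.get("username")
    if not user_id:
        raise LookupError("response carries no sub or username")
    found = {c: resp[c] for c in wanted_claims if c in resp}
    missing = [c for c in wanted_claims if c not in resp]
    return user_id, found, missing


if __name__ == "__main__":
    wanted = ["sub", "email", "given_name", "family_name"]
    uid, found, missing = user_from_introspection(SAMPLE_ACTIVE, wanted,
                                                  now=1700000000)
    print("user:", uid, "found:", found, "missing:", missing)
```

The claims reported as missing are the ones that would have to come from an ID token or a userinfo endpoint.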
