On Friday, December 15, 2017, Youcef HILEM <[email protected]> wrote:
> Hi Hasanthi, > > Yes I know that the password grant is supported . > > My question is: can I use the password grant with our third party IDP OAuth > 2.0 [3] just integrated with [2]. No. We do not support password grant type in our OAuth/OIDC federated authenticator. However, if you have a strong requirement to federate using password grant type you can do so by extending the oauth/oidc authenticator. One thing to keep in mind is that you might have to introduce and intermediate page to prompt for credentials to be used in the password grant request. As a user this means I am exposing my credentials at an intermediate page(not at the trusted federated idp) which could be a security concerns. Personally I would prefer the authorization code flow over password grant flow to login using a third party idp. > > > [1] Federated Authentication - > https://docs.wso2.com/display/IS530/Federated+Authentication > [2] Configuring OAuth2-OpenID Connect - > https://docs.wso2.com/display/IS530/Configuring+OAuth2-OpenID+Connect > [3] IBM Security Access Manager 9.0.3.1 - OAuth 2.0 endpoints - > https://www.ibm.com/support/knowledgecenter/en/SSPREK_9.0. > 3.1/com.ibm.isam.doc/config/concept/OAuthEndpoints.html#oauthendpoints > > Thanks > Youcef HILEM > > > > > -- > Sent from: http://wso2-oxygen-tank.10903.n7.nabble.com/WSO2- > Architecture-f62919.html > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > -- Farasath Ahamed Senior Software Engineer, WSO2 Inc.; http://wso2.com Mobile: +94777603866 Blog: blog.farazath.com Twitter: @farazath619 <https://twitter.com/farazath619> <http://wso2.com/signature>
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
