Hi,

The userinfo endpoint comes under OpenID Connect. Basically, OpenID is about
authentication and OAuth is about authorization. Currently, we have the
/userinfo endpoint under oauth2 [1].

*Available Options:*

1. Use /userinfo endpoint under oauth2.

    In APIM v3 Key Manager, the base path for oauth2 is /api/auth/oauth2/v1.0.
By adding this resource, we are allowing the OAuth2 endpoint for authentication
and authorization.

2. Introduce a new base path for the /userinfo endpoint, as it comes under OpenID
Connect. The OAuth2 spec does not explain the userinfo endpoint.

    Suggestions:
    /api/auth/connect/v1.0/userinfo

Appreciate your thoughts.

[1] -
https://docs.wso2.com/display/IS450/OpenID+Connect+Basic+Client+Profile+with+WSO2+Identity+Server

Thank you!
-- 
*Pubudu Gunatilaka*
Committer and PMC Member - Apache Stratos
Senior Software Engineer
WSO2, Inc.: http://wso2.com
mobile : +94774078049
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture