I'm in favour of having userinfo separate from the default oauth2 service since it's a different concern altogether. I'm not sure of the reason why the IS team originally included userinfo as part of their oauth service.
So +1 for option 2

On 28 March 2018 at 12:46, Pubudu Gunatilaka <[email protected]> wrote:

> Hi,
>
> Userinfo endpoint comes under OpenID connect. Basically, OpenID is about
> authentication and OAuth is about authorization. Currently, we have
> /userinfo endpoint under oauth2 [1].
>
> *Available Options:*
>
> 1. Use /userinfo endpoint under oauth2.
>
> In APIM v3 Key Manager, base path for oauth2 is /api/auth/oauth2/v1.0.
> By adding this resource, we are allowing OAuth2 endpoint for authentication
> and authorization.
>
> 2. Introduce new base path for /userinfo endpoint as it comes under OpenID
> connect. OAuth2 spec does not explain the userinfo endpoint.
>
> Suggestions:
> /api/auth/connect/v1.0/userinfo
>
> Appreciate your thoughts?
>
> [1] - https://docs.wso2.com/display/IS450/OpenID+Connect+Basic+Client+Profile+with+WSO2+Identity+Server
>
> Thank you!
> --
> *Pubudu Gunatilaka*
> Committer and PMC Member - Apache Stratos
> Senior Software Engineer
> WSO2, Inc.: http://wso2.com
> mobile : +94774078049

--
Regards,
Uvindra

Mobile: 777733962
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
