+Sagara, Johann On 29 March 2018 at 10:57, Uvindra Dias Jayasinha <[email protected]> wrote:
> I'm in favour of having userinfo separate from the default oauth2 service > since its a different concern altogether. Im not sure the reason behind why > the IS team originally included userinfo as part of their oauth service. > > So +1 for option 2 > > > > On 28 March 2018 at 12:46, Pubudu Gunatilaka <[email protected]> wrote: > >> Hi, >> >> Userinfo endpoint comes under OpenID connect. Basically, OpenId is about >> authentication and OAuth is about authorization. Currently, we have >> /userinfo endpoint under oauth2 [1]. >> >> *Available Options:* >> >> 1. Use /userinfo endpoint under oauth2. >> >> In APIM v3 Key Manager, base path for oauth2 is >> /api/auth/oauth2/v1.0. By adding this resource, we are allowing OAuth2 >> endpoint for authentication and authorization. >> >> 2. Introduce new base path for /userinfo endpoint as it comes under >> OpenID connect. Oath2 spec does not explain the userinfo endpoint. >> >> Suggestions: >> /api/auth/connect/v1.0/userinfo >> >> Appreciate your thoughts? >> >> [1] - https://docs.wso2.com/display/IS450/OpenID+Connect+Basic+Cli >> ent+Profile+with+WSO2+Identity+Server >> >> Thank you! >> -- >> *Pubudu Gunatilaka* >> Committer and PMC Member - Apache Stratos >> Senior Software Engineer >> WSO2, Inc.: http://wso2.com >> mobile : +94774078049 <%2B94772207163> >> >> > > > -- > Regards, > Uvindra > > Mobile: 777733962 > -- Regards, Uvindra Mobile: 777733962
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
