The concept of a user information endpoint was there from pre-OpenID Connect times as well. Facebook did this even before OIDC became a standard.
However, if we are doing this fresh I would also prefer if we define a separate base path for /userinfo to keep things clean and clear.

Regards,
Johann.

On Thu, Mar 29, 2018 at 1:30 PM, Sanjeewa Malalgoda <[email protected]> wrote:

> As I can see, some of the other solutions listed user info under oauth2.
> And I do not see an issue with that, as usually the user info API responds to
> requests with an oauth token and returns user info.
> When we obtain an access token we can pass the openID scope and later get user
> information using the same token from the user info API. So as I see it, they are
> linked internally somehow with the current implementation.
> Maybe that is why we used this path.
>
> Thanks,
> sanjeewa.
>
> On Thu, Mar 29, 2018 at 10:59 AM, Uvindra Dias Jayasinha <[email protected]> wrote:
>
>> +Sagara, Johann
>>
>> On 29 March 2018 at 10:57, Uvindra Dias Jayasinha <[email protected]> wrote:
>>
>>> I'm in favour of having userinfo separate from the default oauth2
>>> service since it's a different concern altogether. I'm not sure of the reason
>>> behind why the IS team originally included userinfo as part of their oauth
>>> service.
>>>
>>> So +1 for option 2
>>>
>>> On 28 March 2018 at 12:46, Pubudu Gunatilaka <[email protected]> wrote:
>>>
>>>> Hi,
>>>>
>>>> The userinfo endpoint comes under OpenID Connect. Basically, OpenID is
>>>> about authentication and OAuth is about authorization. Currently, we have
>>>> the /userinfo endpoint under oauth2 [1].
>>>>
>>>> *Available Options:*
>>>>
>>>> 1. Use /userinfo endpoint under oauth2.
>>>>
>>>> In APIM v3 Key Manager, the base path for oauth2 is
>>>> /api/auth/oauth2/v1.0. By adding this resource, we are allowing the OAuth2
>>>> endpoint for authentication and authorization.
>>>>
>>>> 2. Introduce a new base path for the /userinfo endpoint as it comes under
>>>> OpenID Connect. The OAuth2 spec does not explain the userinfo endpoint.
>>>>
>>>> Suggestions:
>>>> /api/auth/connect/v1.0/userinfo
>>>>
>>>> Appreciate your thoughts?
>>>>
>>>> [1] - https://docs.wso2.com/display/IS450/OpenID+Connect+Basic+Client+Profile+with+WSO2+Identity+Server
>>>>
>>>> Thank you!
>>>> --
>>>> *Pubudu Gunatilaka*
>>>> Committer and PMC Member - Apache Stratos
>>>> Senior Software Engineer
>>>> WSO2, Inc.: http://wso2.com
>>>> mobile : +94774078049
>>>
>>> --
>>> Regards,
>>> Uvindra
>>>
>>> Mobile: 777733962
>>
>> --
>> Regards,
>> Uvindra
>>
>> Mobile: 777733962
>
> --
>
> *Sanjeewa Malalgoda*
> WSO2 Inc.
> Mobile : +94713068779
>
> blog: http://sanjeewamalalgoda.blogspot.com/

--
*Johann Dilantha Nallathamby*
Senior Lead Solutions Engineer
WSO2, Inc.
lean.enterprise.middleware
Mobile: *+94 77 7776950*
LinkedIn: http://www.linkedin.com/in/johann-nallathamby
Medium: https://medium.com/@johann_nallathamby
Twitter: *@dj_nallaa*
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
