+ [architecture] On Tue, Jul 31, 2018 at 12:55 PM Kasun Thennakoon <[email protected]> wrote:
> Hi Rukshan, > > This is the current flow > > [image: image.png] > > So how we restricted this token, talk only to signup api? with scopes?? >> > Yes we get an access token for self signup scope only > > > Thanks > ~KasunTe > > > On Tue, Jul 31, 2018 at 11:21 AM Rukshan Premathunga <[email protected]> > wrote: > >> >> >> On Tue, Jul 31, 2018 at 11:12 AM, Uvindra Dias Jayasinha < >> [email protected]> wrote: >> >>> >>> >>> On 31 July 2018 at 10:57, Rukshan Premathunga <[email protected]> wrote: >>> >>>> >>>> >>>> On Tue, Jul 31, 2018 at 10:57 AM, Rukshan Premathunga <[email protected] >>>> > wrote: >>>> >>>>> in sigin up case, if you take a token to talk to signup api, is it >>>>> also store in the browser? >>>>> >>>> * in signup case, if you take a token to talk to signup api, is it >>>> also store in the browser? >>>> >>> >>> In this case, Yes. Since there is no user involved yet(user has not got >>> registered yet), it is the store that is making this call on behalf of the >>> user so that they can get registered. >>> >> So how we restricted this token, talk only to signup api? with scopes?? >> >>> >>>>> On Tue, Jul 31, 2018 at 10:26 AM, Fazlan Nazeem <[email protected]> >>>>> wrote: >>>>> >>>>>> Yes, since the client secret will not be known to the end users there >>>>>> is no threat in adding client_credentials grant to the store app. >>>>>> >>>>>> On Tue, Jul 31, 2018 at 10:18 AM Uvindra Dias Jayasinha < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> +1 for option 1, adding the client credentials capability to the >>>>>>> store app makes sense to support this use case. >>>>>>> >>>>>>> On 31 July 2018 at 10:06, Kasun Thennakoon <[email protected]> wrote: >>>>>>> >>>>>>>> Hi Vithursa, >>>>>>>> >>>>>>>> >>>>>>>> In my opinion >>>>>>>> >>>>>>>> *Option-1: *Adding *client_credentials* grant type to existing >>>>>>>>> application >>>>>>>>> >>>>>>>> >>>>>>>> option-1 would be more appropriate here, other than maintaining a >>>>>>>> separate OAuth app for the self sign-up feature. >>>>>>>> >>>>>>>> Thanks >>>>>>>> ~KasunTe >>>>>>>> >>>>>>>> On Mon, Jul 30, 2018 at 9:17 PM Vithursa Mahendrarajah < >>>>>>>> [email protected]> wrote: >>>>>>>> >>>>>>>>> Hi all, >>>>>>>>> >>>>>>>>> I encountered an issue while implementing feature to self-sign up >>>>>>>>> user via UI. Access token generation using >>>>>>>>> *client_credentials *grant type is needed to call REST API >>>>>>>>> resource of self-sign up. As per current implementation, we have one >>>>>>>>> DCR >>>>>>>>> Application for publisher and one for st*o*re which does not >>>>>>>>> support *client_credentials* grant type, hence token generation >>>>>>>>> fails. It can be resolved in two ways: >>>>>>>>> >>>>>>>>> *Option-1: *Adding *client_credentials* grant type to existing >>>>>>>>> application >>>>>>>>> *Option-2: *Creating new application which supports >>>>>>>>> *client_credentials* grant type >>>>>>>>> Which one would be the better solution for this. >>>>>>>>> >>>>>>>>> Comments or suggestions are highly appreciated. >>>>>>>>> >>>>>>>>> Thanks, >>>>>>>>> Vithursa >>>>>>>>> >>>>>>>>> On Wed, Jul 25, 2018 at 4:05 PM Uvindra Dias Jayasinha < >>>>>>>>> [email protected]> wrote: >>>>>>>>> >>>>>>>>>> Its great if we can implement this in our light weight key >>>>>>>>>> manager so that we can support this on the UI >>>>>>>>>> >>>>>>>>>> On 25 July 2018 at 15:48, Chanaka Jayasena <[email protected]> >>>>>>>>>> wrote: >>>>>>>>>> >>>>>>>>>>> I have attached the paper mockups for the User register, signin, >>>>>>>>>>> and change password pages. But the Captcha is not captured in the >>>>>>>>>>> mockups. +1 to add Captcha if that is supported. >>>>>>>>>>> >>>>>>>>>>> thanks, >>>>>>>>>>> Chanaka >>>>>>>>>>> >>>>>>>>>>> On Wed, Jul 25, 2018 at 3:44 PM Uvindra Dias Jayasinha < >>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>> >>>>>>>>>>>> As far as Captcha goes, this[1] is what is already provided by >>>>>>>>>>>> IS to achieve this. But I don't think this functionality is >>>>>>>>>>>> available in >>>>>>>>>>>> our default light weight key manager currently >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> [1] >>>>>>>>>>>> https://docs.wso2.com/display/IS560/User+Information+Recovery+Service >>>>>>>>>>>> >>>>>>>>>>>> On 25 July 2018 at 15:37, Uvindra Dias Jayasinha < >>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>> >>>>>>>>>>>>> Can we add a Captcha to the user sign up page? This was one of >>>>>>>>>>>>> the basic features we were missing OOB and there were quite a few >>>>>>>>>>>>> customers >>>>>>>>>>>>> who ended doing custom themes to add that functionality. >>>>>>>>>>>>> >>>>>>>>>>>>> On 25 July 2018 at 15:18, Vithursa Mahendrarajah < >>>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>>> >>>>>>>>>>>>>> HI Isuru/Mushthaq, >>>>>>>>>>>>>> >>>>>>>>>>>>>> Thanks for the suggestions. Yes, +1 to add *Forgot password* >>>>>>>>>>>>>> option as well as *Sign-up* option in Sign-in page. Will add >>>>>>>>>>>>>> mentioned changes. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Thanks, >>>>>>>>>>>>>> >>>>>>>>>>>>>> On Wed, Jul 25, 2018 at 2:09 PM Mushthaq Rumy < >>>>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>>> Hi Vithursa, >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> You may refer the APIM 2.2.0 or 2.5.0 version and get an >>>>>>>>>>>>>>> idea on how the password reset function works in the UI. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Thanks & Regards, >>>>>>>>>>>>>>> Mushthaq >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On Wed, Jul 25, 2018 at 2:06 PM Isuru Haththotuwa < >>>>>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Hi Vithursa, >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> I assume the anonymous user page is basically for users to >>>>>>>>>>>>>>>> signup to the system, and by that create users in the system. >>>>>>>>>>>>>>>> This page >>>>>>>>>>>>>>>> looks ok, we basically need a new view when the user clicks on >>>>>>>>>>>>>>>> the sign in >>>>>>>>>>>>>>>> page, which has a link to reset password and forget password >>>>>>>>>>>>>>>> options. Sign >>>>>>>>>>>>>>>> in should have a link to the sign up page as well. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> On Wed, Jul 25, 2018 at 11:11 AM, Vithursa Mahendrarajah < >>>>>>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Hi all, >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> I am working on $subject. Based on current >>>>>>>>>>>>>>>>> implementations, we do not have a way to create users via UI. >>>>>>>>>>>>>>>>> As an initial >>>>>>>>>>>>>>>>> step, I am implementing anonymous-user view page in API >>>>>>>>>>>>>>>>> Store. Mock UI >>>>>>>>>>>>>>>>> design can be found below: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> [image: anonymous_view(1).jpg] >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Comments or suggestions on are highly appreciated. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Thanks, >>>>>>>>>>>>>>>>> Vithursa >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>> Vithursa Mahendrarajah >>>>>>>>>>>>>>>>> Software Engineer >>>>>>>>>>>>>>>>> WSO2 Inc. - http ://wso2.com >>>>>>>>>>>>>>>>> Mobile : +947*66695643* >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> * <http://wso2.com/signature> <http://wso2.com/signature> >>>>>>>>>>>>>>>>> <http://wso2.com/signature>* >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>> Thanks and Regards, >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Isuru H. >>>>>>>>>>>>>>>> +94 716 358 048* <http://wso2.com/>* >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>> Mushthaq Rumy >>>>>>>>>>>>>>> *Senior Software Engineer* >>>>>>>>>>>>>>> Mobile : +94 (0) 779 492140 >>>>>>>>>>>>>>> Email : [email protected] >>>>>>>>>>>>>>> WSO2, Inc.; http://wso2.com/ >>>>>>>>>>>>>>> lean . enterprise . middleware. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> <http://wso2.com/signature> >>>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> -- >>>>>>>>>>>>>> Vithursa Mahendrarajah >>>>>>>>>>>>>> Software Engineer >>>>>>>>>>>>>> WSO2 Inc. - http ://wso2.com >>>>>>>>>>>>>> Mobile : +947*66695643* >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> * <http://wso2.com/signature> <http://wso2.com/signature> >>>>>>>>>>>>>> <http://wso2.com/signature>* >>>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> -- >>>>>>>>>>>>> Regards, >>>>>>>>>>>>> Uvindra >>>>>>>>>>>>> >>>>>>>>>>>>> Mobile: 777733962 >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> Regards, >>>>>>>>>>>> Uvindra >>>>>>>>>>>> >>>>>>>>>>>> Mobile: 777733962 >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> Chanaka Jayasena >>>>>>>>>>> Associate Tech Lead, >>>>>>>>>>> email: [email protected]; cell: +94 77 4464006 >>>>>>>>>>> blog: http://chanaka3d.blogspot.com >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Regards, >>>>>>>>>> Uvindra >>>>>>>>>> >>>>>>>>>> Mobile: 777733962 >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Vithursa Mahendrarajah >>>>>>>>> Software Engineer >>>>>>>>> WSO2 Inc. - http ://wso2.com >>>>>>>>> Mobile : +947*66695643* >>>>>>>>> >>>>>>>>> >>>>>>>>> * <http://wso2.com/signature> <http://wso2.com/signature> >>>>>>>>> <http://wso2.com/signature>* >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> *Kasun Thennakoon* >>>>>>>> Software Engineer >>>>>>>> WSO2, Inc. >>>>>>>> Mobile:+94 711661919 >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Regards, >>>>>>> Uvindra >>>>>>> >>>>>>> Mobile: 777733962 >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Thanks & Regards, >>>>>> >>>>>> *Fazlan Nazeem* >>>>>> Senior Software Engineer >>>>>> WSO2 Inc >>>>>> Mobile : +94772338839 >>>>>> [email protected] >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Rukshan Chathuranga. >>>>> Software Engineer. >>>>> WSO2, Inc. >>>>> +94711822074 >>>>> >>>> >>>> >>>> >>>> -- >>>> Rukshan Chathuranga. >>>> Software Engineer. >>>> WSO2, Inc. >>>> +94711822074 >>>> >>> >>> >>> >>> -- >>> Regards, >>> Uvindra >>> >>> Mobile: 777733962 >>> >> >> >> >> -- >> Rukshan Chathuranga. >> Software Engineer. >> WSO2, Inc. >> +94711822074 >> > > > -- > *Kasun Thennakoon* > Software Engineer > WSO2, Inc. > Mobile:+94 711661919 > -- Vithursa Mahendrarajah Software Engineer WSO2 Inc. - http ://wso2.com Mobile : +947*66695643* <javascript:void(0);> * <http://wso2.com/signature> <http://wso2.com/signature> <http://wso2.com/signature>*
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
