Hi Nicolas,

Yes. Usually, the use case you described is achieved via a JWT token which
has data related to the user who invoked the API in API Manager. This
will not include the user password, but the username will be included.

On the backend web service, you can decode the JWT and do any validations
you want. Please check [1] for more information.

[1]
https://docs.wso2.com/display/AM170/Passing+Enduser+Attributes+to+the+Backend+Using+JWT


On Sun, Sep 16, 2018 at 11:41 AM Nicolas Maujean <
[email protected]> wrote:

> Hi Fazlan,
>
>    Sure, when we use service on WSO2 API-M, we use WSO2-IS to manage
> token. We would like to secure webservice and make sure only people allowed
> to see the information can do it, so we would like to provide when making
> a query, the credentials of the person associated to the token, so we can
> make the verification on the back end side, is it possible to provide this
> information using WSO2 API-M ?
>
> best regards,
>
> Nicolas Maujean
>
>
> On Sun, Sep 16, 2018 at 19:35, Fazlan Nazeem <[email protected]> wrote:
>
>> Hi Nicolas,
>>
>> Your question is not very clear to me. Can you explain a bit in detail?
>>
>> On Sun, Sep 16, 2018 at 11:19 AM Nicolas Maujean <
>> [email protected]> wrote:
>>
>>> Hi Fazlan,
>>>
>>>    Thank you for your feedback. Yes, WSO2 API-Manager, can we add the
>>> credentials associated to the token in OAuth2 ?
>>>
>>> best regards,
>>>
>>> Nicolas Maujean
>>>
>>> On Sun, Sep 16, 2018 at 18:32, Fazlan Nazeem <[email protected]> wrote:
>>>
>>>> Hi Nicolas,
>>>>
>>>> I assume your question is regarding API Manager product. You can append
>>>> query params to the backend URL by adding a mediation flow to the API in
>>>> the inSequence.
>>>>
>>>> <sequence xmlns="http://ws.apache.org/ns/synapse" name="sample">
>>>>     <!-- Append "&name=xyz" to the URL postfix sent to the backend -->
>>>>     <property name="REST_URL_POSTFIX"
>>>>               expression="fn:concat(get-property('axis2','REST_URL_POSTFIX'), '&amp;name=xyz')"
>>>>               scope="axis2" type="STRING"/>
>>>> </sequence>
>>>>
>>>>
>>>> The above mediation sequence will append a query param named "name"
>>>> which has a value of "xyz" to the backend call.
>>>>
>>>> The steps to include a custom inSequence in your API can be found
>>>> here [1].
>>>>
>>>> [1] https://docs.wso2.com/display/AM210/Adding+Mediation+Extensions
>>>>
>>>>
>>>>
>>>> On Sun, Sep 16, 2018 at 5:48 AM Nicolas Maujean <
>>>> [email protected]> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>>    Is it possible to add information automatically in the URL calling
>>>>> the back end, giving enough information, the credentials allowing the
>>>>> backend to make further tests for security purposes ?
>>>>>
>>>>> best regards,
>>>>>
>>>>> Nicolas Maujean
>>>>> _______________________________________________
>>>>> Architecture mailing list
>>>>> [email protected]
>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>
>>>>
>>>>
>>>> --
>>>> Thanks & Regards,
>>>>
>>>> *Fazlan Nazeem*
>>>> Senior Software Engineer
>>>> WSO2 Inc
>>>> Mobile : +94772338839
>>>> [email protected]
>>
>>
>> --
>> Thanks & Regards,
>>
>> *Fazlan Nazeem*
>> Senior Software Engineer
>> WSO2 Inc
>> Mobile : +94772338839
>> [email protected]


-- 
Thanks & Regards,

*Fazlan Nazeem*
Senior Software Engineer
WSO2 Inc
Mobile : +94772338839
[email protected]
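
The backend-side check described at the top of this message (decode the JWT, then validate), as an added example that is not part of the original thread and is not WSO2 code: it verifies the gateway's RSA signature with the Python standard library before reading the end-user claim. The claim URI, the RS256 algorithm, `exp` in seconds, and the demo key and token are assumptions or constructed values; a real backend would take `n` and `e` from the gateway's signing certificate.

```python
import base64, hashlib, hmac, json, time

ENDUSER = "http://wso2.org/claims/enduser"  # assumed claim URI; match your gateway's JWT
PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # SHA-256 DigestInfo, RFC 8017

def b64d(s):
    s = s.replace("-", "+").replace("_", "/")  # accept base64url or standard base64
    return base64.b64decode(s + "=" * (-len(s) % 4), validate=True)

def emsa(msg, k):
    # EMSA-PKCS1-v1_5 encoding of SHA-256(msg) for a k-byte modulus.
    t = PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def enduser_from_jwt(token, n, e, now=None):
    """Return the end-user claim; raise ValueError if the JWT must not be trusted."""
    head, body, sig = token.split(".")  # wrong number of parts raises ValueError
    header = json.loads(b64d(head))
    if not isinstance(header, dict) or header.get("alg") != "RS256":
        raise ValueError("unexpected alg")  # pin the algorithm; rejects "none"
    k, raw = (n.bit_length() + 7) // 8, b64d(sig)
    s = int.from_bytes(raw, "big")
    # Compare the whole encoded block, not only the trailing hash.
    if len(raw) != k or s >= n or not hmac.compare_digest(
            pow(s, e, n).to_bytes(k, "big"), emsa(f"{head}.{body}".encode(), k)):
        raise ValueError("bad signature")
    claims = json.loads(b64d(body))  # parsed only after the signature check
    user = claims.get(ENDUSER)
    # Assumes exp is in seconds (RFC 7519); check what your gateway emits.
    if claims.get("exp", 0) <= (time.time() if now is None else now) or not user:
        raise ValueError("expired or no end-user claim")
    return user

def demo_key():
    # Constructed, INSECURE key (two Mersenne primes) so the example runs offline.
    p, q, e = 2**521 - 1, 2**607 - 1, 65537
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))

def demo_token(claims, n, d, alg="RS256"):
    # Stands in for the gateway: signs a constructed claim set.
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    msg = ".".join(enc(json.dumps(o).encode()) for o in ({"typ": "JWT", "alg": alg}, claims))
    k = (n.bit_length() + 7) // 8
    sig = pow(int.from_bytes(emsa(msg.encode(), k), "big"), d, n).to_bytes(k, "big")
    return msg + "." + enc(sig)

if __name__ == "__main__":
    n, e, d = demo_key()
    print(enduser_from_jwt(demo_token({ENDUSER: "alice", "exp": time.time() + 60}, n, d), n, e))
```

The username is only as trustworthy as this signature check, so the backend should refuse requests whose JWT is missing or fails verification rather than fall back to an unauthenticated path.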