Thank you Le dim. 16 sept. 2018 à 19:54, Fazlan Nazeem <fazl...@wso2.com> a écrit :
> Hi Nicolas, > > Yes. Usually, the use case you described is achieved via a JWT token which > has data related to the user who invoked the API in API Manager. This > will not include the user password, but the username will be included. > > On the backend web service, you can decode the JWT and do any validations > you want. Please check [1] for more information. > > [1] > https://docs.wso2.com/display/AM170/Passing+Enduser+Attributes+to+the+Backend+Using+JWT > > > On Sun, Sep 16, 2018 at 11:41 AM Nicolas Maujean < > nicolas.maujean.fra...@gmail.com> wrote: > >> hi Fazlan, >> >> Sure, when we use service on WSO2 API-M, we use WSO2-IS to manage >> token. We would like to secure webservice and make sure only people allowed >> to see the informations can do it, so we would like to provide when making >> a query, the credentials of the person associated to the token, so we can >> make the verification on the back end side, is it possible to provide those >> informations using WSO2 API-M ? >> >> best regards, >> >> Nicolas Maujean >> >> >> Le dim. 16 sept. 2018 à 19:35, Fazlan Nazeem <fazl...@wso2.com> a écrit : >> >>> Hi Nicolas, >>> >>> Your question is not very clear to me. Can you explain a bit in detail? >>> >>> On Sun, Sep 16, 2018 at 11:19 AM Nicolas Maujean < >>> nicolas.maujean.fra...@gmail.com> wrote: >>> >>>> hi Fazlan, >>>> >>>> Thank you for your feedback. Yes, WSO2 API-Manager, can we add the >>>> credentials associated to the token in oauth2 ? >>>> >>>> best regards, >>>> >>>> Nicolas Maujean >>>> >>>> Le dim. 16 sept. 2018 à 18:32, Fazlan Nazeem <fazl...@wso2.com> a >>>> écrit : >>>> >>>>> Hi Nicolas, >>>>> >>>>> I assume your question is regarding API Manager product. You can >>>>> append query params to the backend URL by adding a mediation flow to the >>>>> API in the inSequence. >>>>> >>>>> <sequence xmlns="http://ws.apache.org/ns/synapse" name="sample"> >>>>>> <property name="REST_URL_POSTFIX" >>>>>> expression="fn:concat(get-property('axis2','REST_URL_POSTFIX'), >>>>>> '&name=xyz')" scope="axis2" type="STRING"/> >>>>>> </sequence> >>>>> >>>>> >>>>> The above mediation sequence will append a query param named "name" >>>>> which has a value of "xyz" to the backend call. >>>>> >>>>> The steps to include a custom insequence to your API can be found >>>>> here[1] >>>>> >>>>> [1] https://docs.wso2.com/display/AM210/Adding+Mediation+Extensions >>>>> >>>>> >>>>> >>>>> On Sun, Sep 16, 2018 at 5:48 AM Nicolas Maujean < >>>>> nicolas.maujean.fra...@gmail.com> wrote: >>>>> >>>>>> Hi, >>>>>> >>>>>> Is it possible to add information automatically in the url >>>>>> calling the back end, givng enough information, the credentials allowing >>>>>> to the backend to make further test for security purpose ? >>>>>> >>>>>> best regards, >>>>>> >>>>>> Nicolas Maujean >>>>>> _______________________________________________ >>>>>> Architecture mailing list >>>>>> Architecture@wso2.org >>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>> >>>>> >>>>> >>>>> -- >>>>> Thanks & Regards, >>>>> >>>>> *Fazlan Nazeem* >>>>> Senior Software Engineer >>>>> WSO2 Inc >>>>> Mobile : +94772338839 >>>>> fazl...@wso2.com >>>>> _______________________________________________ >>>>> Architecture mailing list >>>>> Architecture@wso2.org >>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>> >>>> _______________________________________________ >>>> Architecture mailing list >>>> Architecture@wso2.org >>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>> >>> >>> >>> -- >>> Thanks & Regards, >>> >>> *Fazlan Nazeem* >>> Senior Software Engineer >>> WSO2 Inc >>> Mobile : +94772338839 >>> fazl...@wso2.com >>> _______________________________________________ >>> Architecture mailing list >>> Architecture@wso2.org >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>> >> _______________________________________________ >> Architecture mailing list >> Architecture@wso2.org >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> > > > -- > Thanks & Regards, > > *Fazlan Nazeem* > Senior Software Engineer > WSO2 Inc > Mobile : +94772338839 > fazl...@wso2.com > _______________________________________________ > Architecture mailing list > Architecture@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture