Hi Harsha,

In the current implementation, we are not calling a token endpoint. We directly validate basic auth credentials using the RemoteUserStoreManager admin service. Therefore, no hardcoded consumer key and password is used.

Best Regards,
Chamod.

On Fri, Mar 8, 2019 at 2:18 PM Harsha Kumara <[email protected]> wrote:

> @Chamod Samarajeewa <[email protected]> can you share the current implementation details? In your basic authentication handler, I assume you are calling the token endpoint with a hard-coded consumer key and password. We should be able to support Johann's suggestion with Option 1.
>
> On Fri, Mar 8, 2019 at 3:20 AM Harsha Kumara <[email protected]> wrote:
>
>> Is your requirement to provide basic authentication via clientId and clientSecret? For the microgateway, it will be required to validate this by connecting to the key manager and bring the throttling information etc., which will require another API. Else, at the micro gateway it will be required to generate a token using clientId and secret and resume the flow.
>>
>> On Fri, Mar 8, 2019 at 2:28 AM Johann Nallathamby <[email protected]> wrote:
>>
>>> *[sending this mail again because the previous one wasn't copied to [email protected]]*
>>>
>>> Hi Nuwan, Hi Harsha, Hi Chamod,
>>>
>>> An additional thought here. Most of the time, customers who ask for basic authentication support are the customers who need to support legacy external applications, I believe; not so much the internal applications. Because there can be many external parties, they cannot ask all those parties to change. For example, mobile apps that take username/password to be changed to OAuth2.
>>>
>>> In those cases it could also be useful to track all these "clients"; meaning applying throttling and analytics. If we go with only username/password I believe we can't get that capability, because our throttling and analytics are coupled to the OAuth2 client_id. Hence, can we provide the following improvements.
>>>
>>> 1. For clients who are willing to change the client side slightly, we can use the following format:
>>> *base64((base64(client_id:username)):base64(client_secret:password))*
>>> I am assuming our client_id and client_secret don't contain ":" (colons). There can be many ways of doing this. So it would be good if we can provide an extension point to extract the client credentials.
>>>
>>> 2. For clients who are not willing to change the client side at all, generate a blanket application from the gateway on first use of any such legacy application, to capture all such clients under one internal client_id, to apply analytics and throttling considering all those apps as one. I suppose this will at least separate the non-trusted apps from trusted apps, to minimize breaches.
>>>
>>> Thoughts?
>>>
>>> Regards,
>>> Johann.
>>>
>>> On Tue, Mar 5, 2019 at 4:41 PM Chamod Samarajeewa <[email protected]> wrote:
>>>
>>>> ---------- Forwarded message ---------
>>>> From: Chamod Samarajeewa <[email protected]>
>>>> Date: Tue, Mar 5, 2019 at 4:35 PM
>>>> Subject: Re: Basic Authentication for APIM Gateway
>>>> To: Nadeesha Gamage <[email protected]>
>>>> Cc: Harsha Kumara <[email protected]>, <[email protected]>, Nuwan Dias <[email protected]>, APIM Team <[email protected]>
>>>>
>>>> Hi Nadeesha,
>>>>
>>>>> How will this impact statistics? Will it be possible to get usage statistics even if they use basic authentication?
>>>>
>>>> Yes, we can get the usage statistics using the username and the API.
>>>>
>>>>> I would also like to know when this feature would be available.
>>>>
>>>> Within the Q2 and Q3 time frame.
>>>>
>>>> Thank you. Best Regards.
>>>> Chamod.
>>>>
>>>> On Tue, Mar 5, 2019 at 3:32 PM Nadeesha Gamage <[email protected]> wrote:
>>>>
>>>>> Hi Chamod,
>>>>> I would also like to know when this feature would be available.
>>>>>
>>>>> Nadeesha
>>>>>
>>>>> On Tue, Mar 5, 2019 at 3:30 PM Nadeesha Gamage <[email protected]> wrote:
>>>>>
>>>>>> Hi Chamod,
>>>>>> How will this impact statistics? Will it be possible to get usage statistics even if they use basic authentication?
>>>>>>
>>>>>> Nadeesha
>>>>>>
>>>>>> On Fri, Feb 15, 2019 at 5:18 PM Harsha Kumara <[email protected]> wrote:
>>>>>>
>>>>>>> Hi Chamod,
>>>>>>>
>>>>>>> Can the user choose to expose an API with either OAuth or Basic authentication with this implementation?
>>>>>>>
>>>>>>> We need to provide basic authentication against the user store configured in the key manager, because most of the time the gateway won't share user stores. Please add the local user store authentication support as well. We need to look for a possible caching mechanism for this.
>>>>>>>
>>>>>>> Since we do have mutual authentication as a security scheme, check the best way of providing the basic authentication.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Harsha
>>>>>>>
>>>>>>> On Fri, Feb 15, 2019 at 4:59 PM Chamod Samarajeewa <[email protected]> wrote:
>>>>>>>
>>>>>>>> Adding [email protected].
>>>>>>>>
>>>>>>>> ---------- Forwarded message ---------
>>>>>>>> From: Nuwan Dias <[email protected]>
>>>>>>>> Date: Fri, Feb 15, 2019 at 3:01 PM
>>>>>>>> Subject: Re: Basic Authentication for APIM Gateway
>>>>>>>> To: Chamod Samarajeewa <[email protected]>
>>>>>>>> Cc: Architecture Team <[email protected]>, APIM Team <[email protected]>
>>>>>>>>
>>>>>>>> Chamod, this email should be sent to [email protected].
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> NuwanD.
>>>>>>>>
>>>>>>>> On Fri, Feb 15, 2019 at 2:37 PM Chamod Samarajeewa <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> Hi All,
>>>>>>>>>
>>>>>>>>> I have included the information in the Github issue here as well.
>>>>>>>>>
>>>>>>>>> *Requirements*
>>>>>>>>>
>>>>>>>>> Provide authentication for APIM Gateway with basic authentication, which uses usernames and passwords.
>>>>>>>>>
>>>>>>>>> *Introduction*
>>>>>>>>>
>>>>>>>>> Providing the feature of enabling the basic authentication security scheme for the APIM Gateway product along with OAuth2 token-based authentication. The user will benefit from using OAuth2 token-based authentication alone, using basic authentication alone, or using both schemes at the same time.
>>>>>>>>>
>>>>>>>>> *Approach*
>>>>>>>>>
>>>>>>>>> [image: Basic Auth - APIM-GW-2.jpg]
>>>>>>>>>
>>>>>>>>> curl -k -X GET "https://10.100.0.201:8243/pizzashack/1.0.0/menu" -H "accept: application/json" -H "Authorization: Basic $(echo -n username:password | base64)"
>>>>>>>>>
>>>>>>>>> The API Authentication Handler will forward the request to the Basic Auth Authenticator or the OAuth Authenticator based on the authorization header of the request.
>>>>>>>>>
>>>>>>>>> Thank you. Regards.
>>>>>>>>>
>>>>>>>>> On Fri, Feb 15, 2019 at 2:20 PM Chamod Samarajeewa <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> Hi All,
>>>>>>>>>>
>>>>>>>>>> I'm working on developing a new feature for APIM Gateway to provide Basic Authentication support. You can find the details in the following Github issue [1].
>>>>>>>>>>
>>>>>>>>>> I would really appreciate any feedback. Thank you.
>>>>>>>>>>
>>>>>>>>>> Best regards,
>>>>>>>>>> Chamod.
>>>>>>>>>>
>>>>>>>>>> [1] - https://github.com/wso2/carbon-apimgt/issues/5986
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Chamod Samarajeewa | Software Engineer | WSO2 Inc.
>>>>>>>>>> (m) +94710397382 | Email: [email protected]
>>>>>>>>>> GET INTEGRATION AGILE
>>>>>>>>>> Integration Agility for Digitally Driven Business
>>>>>>>>
>>>>>>>> --
>>>>>>>> *Nuwan Dias* | Director | WSO2 Inc.
>>>>>>>> (m) +94 777 775 729 | (e) [email protected]
>>>>>>>
>>>>>>> --
>>>>>>> *Harsha Kumara*
>>>>>>> Associate Technical Lead, WSO2 Inc.
>>>>>>> Mobile: +94775505618
>>>>>>> Email: [email protected]
>>>>>>> Blog: harshcreationz.blogspot.com
>>>>>>
>>>>>> --
>>>>>> Nadeesha Gamage
>>>>>> Senior Lead Solutions Engineer
>>>>>> T : +94 77 394 5706
>>>>>> B : https://nadeesha678.wordpress.com/
>>>>
>>>> _______________________________________________
>>>> Architecture mailing list
>>>> [email protected]
>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>>> --
>>> *Johann Dilantha Nallathamby* | Associate Director/Solutions Architect | WSO2 Inc.
>>> (m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) [email protected]

_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
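The credential format Johann proposes in item 1 and the scheme-based dispatch Chamod describes under *Approach*, as an added Python example that is not part of this thread or of the WSO2 gateway code. The function names, the `nested` switch that the deployment sets instead of sniffing the format, and the sample credentials in the comments are assumptions.

```python
import base64
import binascii
from typing import Dict, Optional, Tuple

def _b64(s: str) -> str:
    return base64.b64encode(s.encode("utf-8")).decode("ascii")

def _unb64(s: str) -> str:
    # validate=True rejects characters outside the base64 alphabet instead of skipping them
    try:
        return base64.b64decode(s, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("malformed base64 credential segment") from exc

def _split(s: str, what: str) -> Tuple[str, str]:
    # Split on the first ':' only: the left part (user-id, client_id) may not contain ':', a password may
    left, sep, right = s.partition(":")
    if not sep or not left:
        raise ValueError(f"expected '{what}' separated by a colon")
    return left, right

def select_authenticator(authorization: Optional[str]) -> str:
    """Route on the Authorization scheme, as the handler described in the thread does."""
    if not authorization or not authorization.strip():
        return "none"
    scheme = authorization.strip().split(None, 1)[0].lower()
    return {"basic": "basic", "bearer": "oauth"}.get(scheme, "unsupported")

def build_plain_basic_header(username: str, password: str) -> str:
    return "Basic " + _b64(f"{username}:{password}")

def build_nested_basic_header(client_id: str, client_secret: str, username: str, password: str) -> str:
    """Encode base64(base64(client_id:username):base64(client_secret:password)) from the proposal."""
    if any(":" in v for v in (client_id, client_secret, username)):
        raise ValueError("client_id, client_secret and username must not contain ':'")
    return "Basic " + _b64(f"{_b64(client_id + ':' + username)}:{_b64(client_secret + ':' + password)}")

def extract_basic_credentials(authorization: str, nested: bool) -> Dict[str, Optional[str]]:
    """Extension point (assumed name); `nested` fixes the format up front instead of sniffing it."""
    parts = authorization.strip().split(None, 1) if authorization else []
    if select_authenticator(authorization) != "basic" or len(parts) != 2:
        raise ValueError("not a Basic authorization header")
    left, right = _split(_unb64(parts[1].strip()), "user:password")
    if not nested:
        return {"client_id": None, "client_secret": None, "username": left, "password": right}
    # Constructed sample: client "c1"/"s1", user "alice"/"p:w" round-trips through both builders
    client_id, username = _split(_unb64(left), "client_id:username")
    client_secret, password = _split(_unb64(right), "client_secret:password")
    return {"client_id": client_id, "client_secret": client_secret, "username": username, "password": password}
```

Because the inner base64 strings never contain a colon, the outer split is unambiguous, while a plain header fed to the nested parser fails closed on the base64 validation rather than yielding a half-parsed identity.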
