Hi Johann et al,

We can utilize the enforcing authorize rule capability to validate scopes if
the token issue request goes through the authentication framework. We do
have a templated policy as well.

Still, we can add this to the token issuing phase to cover other grant
types.

Thanks,

On Wed, Mar 6, 2019 at 12:25 PM Ishara Karunarathna <isha...@wso2.com>
wrote:

> Hi Johann,
>
> On Wed, Mar 6, 2019 at 12:19 PM Johann Nallathamby <joh...@wso2.com>
> wrote:
>
>> IAM Team,
>>
>> We've implemented XACML based scope authorization during the access token
>> validation phase. However, it is also important to do this authorization
>> during the authorization_code, access_token, refresh_token and id_token
>> issuing phase IMO. Especially for self-contained token use cases, we need
>> to encode the authorized scopes into the JWT token.
>>
> With the current implementation we do have the support to validate scopes
> at token issuing time, which is an extension point.
> But we don't have a XACML implementation for that.
> +1 to add this in the future; until it's implemented, the capability is there to
> add an extension.
>
> Regards,
> Ishara
>
>>
>> Thoughts?
>>
>> Thanks & Regards,
>> Johann.
>>
>> --
>> *Johann Dilantha Nallathamby* | Associate Director/Solutions Architect |
>> WSO2 Inc.
>> (m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) joh...@wso2.com
>>
>
>
> --
> Ishara Karunarathna
> Senior Technical Lead
> WSO2 Inc. - lean . enterprise . middleware |  wso2.com
>
> email: isha...@wso2.com,   blog: isharaaruna.blogspot.com,   mobile:
> +94717996791
>
>
> _______________________________________________
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>


-- 
Regards,


*Darshana Gunawardana* Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859* Lean . Enterprise . Middleware
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
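An added illustration of the point raised in the thread (not WSO2 Identity Server code): a self-contained JWT carries its scope claim, and a resource server that verifies the signature locally never reaches the validation-phase XACML check, so for such tokens the scopes must already be authorized when the token is issued. The policy table, the HMAC key and the function names are constructed stand-ins for a real PDP call and signer.

```python
# Added example: scope authorization at issuance vs. validation-only for JWTs.
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-key"  # constructed placeholder, not a real signing key

# Hypothetical policy decision point: which scopes each role may be granted.
# A XACML PDP would be consulted here; this table is a stand-in for it.
POLICY = {
    "user": {"openid", "profile"},
    "admin": {"openid", "profile", "admin:write"},
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def sign_jwt(claims: dict) -> str:
    """Minimal HS256 JWT encoder standing in for the server's real signer."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def authorize_scopes(role: str, requested: list) -> list:
    """Issuance-time scope authorization: keep only what policy permits."""
    return [s for s in requested if s in POLICY.get(role, set())]


def issue_token_validate_only(subject: str, requested: list) -> str:
    """Issuance with no scope authorization: requested scopes go straight into the JWT."""
    return sign_jwt({"sub": subject, "scope": " ".join(requested)})


def issue_token_with_scope_authz(subject: str, role: str, requested: list) -> str:
    """Issuance that authorizes first and encodes only the permitted scopes."""
    return sign_jwt({"sub": subject, "scope": " ".join(authorize_scopes(role, requested))})


def resource_server_scopes(token: str) -> set:
    """What a resource server sees: verify the signature locally, trust the claims.
    No introspection call is made, so validation-phase checks never run."""
    header, body, sig = token.split(".")
    expected = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64url(expected), sig):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    return set(claims["scope"].split())
```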
