On Thu, Feb 13, 2020 at 11:15 AM Sarubi Thillainathan <[email protected]> wrote:
> > > On Thu, Feb 13, 2020 at 10:50 AM Asela Pathberiya <[email protected]> wrote: > >> >> >> On Thu, Feb 13, 2020 at 10:48 AM Sarubi Thillainathan <[email protected]> >> wrote: >> >>> Hi Asela, >>> >>> Just to be clear, Can we register scope values as regex patterns ? >>>> In APIM there is scope white listing capabilities which can be sent any >>>> scope value related to the given regex, "device_*" such scope. >>>> >>> Nope, in IS we don't have this capability. >>> The only thing that we enforce is can't have space in the scope name. >>> >> >> There are cases in which application needs to send some random scope to >> identify the devices. Can't we handle such cases by default ? >> > Yes, we can't handle such cases default. I would like to know why those > needs to be random? If it is for identifying the device then can't we > register those beforehand? > Just thought of similar to this [1] as we are not supporting multiple access token for given user/application [1] https://apim.docs.wso2.com/en/3.0.0/Learn/APISecurity/OAuth2/OAuth2Scopes/scope-whitelisting/ > > >> >> > Thanks, >> Asela. >> >> >>> Thanks, >>> Sarubi. >>> >>> On Wed, Feb 12, 2020 at 6:06 PM Asela Pathberiya <[email protected]> wrote: >>> >>>> >>>> >>>> On Wed, Feb 12, 2020 at 5:44 PM Sarubi Thillainathan <[email protected]> >>>> wrote: >>>> >>>>> >>>>> >>>>> >>>>> On Wed, Feb 12, 2020 at 5:38 PM Sarubi Thillainathan <[email protected]> >>>>> wrote: >>>>> >>>>>> Hi All, >>>>>> >>>>>> Currently in IS, whenever a token request comes with a list of scopes >>>>>> we'll be showing all the scopes and get the consent from the user >>>>>> regardless of that scopes are requested or not in the Identity Server. >>>>>> But by going forward with IS 5.10.0, we'll be more descriptive and >>>>>> decided to show the display name of the scope and it's the description as >>>>>> well when we are getting the consent from the user. Also, if the scope is >>>>>> not registered under the OAuth2 scope or OIDC scope in the IS, then we >>>>>> decided to skip that particular scope from the consent page also in the >>>>>> response as a default behaviour. >>>>>> >>>>> >>>> Just to be clear, Can we register scope values as regex patterns ? >>>> In APIM there is scope white listing capabilities which can be sent any >>>> scope value related to the given regex, "device_*" such scope. >>>> >>>> Thanks, >>>> Asela. >>>> >>>> >>>>> >>>>>> In order to keep the backward compatibility, we'll keep a flag so >>>>>> that we can enable it if we want to list the scope which is not >>>>>> registered. >>>>>> Note that in that case scopes which are not registered will display with >>>>>> the provided scope name and scopes which are registered will displayed >>>>>> with >>>>>> their corresponding display name and description in the consent page. >>>>>> >>>>>> Highly appreciate your ideas and suggestion on this. >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> Thanks, >>>>>> Sarubi. >>>>>> -- >>>>>> *Sarubi Thillainathan* | Software Engineer | WSO2 Inc. >>>>>> (m) +94 (0) 76 684 9101 | (e) [email protected],[email protected] >>>>>> >>>>>> *[image: https://wso2.com/signature] <https://wso2.com/signature>* >>>>>> >>>>> >>>>> >>>>> -- >>>>> *Sarubi Thillainathan* | Software Engineer | WSO2 Inc. >>>>> (m) +94 (0) 76 684 9101 | (e) [email protected],[email protected] >>>>> >>>>> *[image: https://wso2.com/signature] <https://wso2.com/signature>* >>>>> _______________________________________________ >>>>> Architecture mailing list >>>>> [email protected] >>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>> >>>> >>>> >>>> -- >>>> Thanks & Regards, >>>> Asela >>>> >>>> Mobile : +94 777 625 933 >>>> >>>> http://soasecurity.org/ >>>> http://xacmlinfo.org/ >>>> _______________________________________________ >>>> Architecture mailing list >>>> [email protected] >>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>> >>> >>> >>> -- >>> *Sarubi Thillainathan* | Software Engineer | WSO2 Inc. >>> (m) +94 (0) 76 684 9101 | (e) [email protected],[email protected] >>> >>> *[image: https://wso2.com/signature] <https://wso2.com/signature>* >>> >> >> >> -- >> Thanks & Regards, >> Asela >> >> Mobile : +94 777 625 933 >> >> http://soasecurity.org/ >> http://xacmlinfo.org/ >> > > > -- > *Sarubi Thillainathan* | Software Engineer | WSO2 Inc. > (m) +94 (0) 76 684 9101 | (e) [email protected],[email protected] > > *[image: https://wso2.com/signature] <https://wso2.com/signature>* > -- Thanks & Regards, Asela Mobile : +94 777 625 933 http://soasecurity.org/ http://xacmlinfo.org/
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
