Hi Senthuran, When checking the user session using prompt=none parameter, Shall we use a fetch call instead of navigating users to login service endpoint ( I:e `/publisher/services/auth/login` in publisher). it will hinder browser redirections, so the user won't recognize a browser redirect.
Regarding: mandate the login to the Devportal without showing the anonymous view For this case, I think we need to refactor the store REST API, to restrict anonymous API calls. For example, now users can see all the public APIs without providing an access token (anonymous) @Malintha Amarasinghe <[email protected]> WDYT ? Thanks ~KasunTe On Fri, Feb 14, 2020 at 3:35 PM Senthuran Manoharan <[email protected]> wrote: > Hi All, > > API Manager 3.x.x has an SSO for the Publisher and Devportal apps and > currently, we are working on a feature to support “passive” configuration > in the SSO flow(i.e If a user who has already logged in to the publisher > has to get logged into the store directly without clicking on the SIGN-IN > button). Please refer to this Git issue[1]. > > This feature can be achieved by appending the prompt=none to authorize > endpoint. > >> >> https://localhost:9443/oauth2/authorize?response_type=code&client_id=VOjSlkwAXyWvv5FqRfMTjhblH2ka&scope=apim:api_key%20apim:app_manage%20apim:store_settings%20apim:sub_alert_manage%20apim:sub_manage%20apim:subscribe%20openid&state=/apis&redirect_uri=https://localhost:9443/devportal/services/auth/callback/login&prompt=nonehttps://localhost:9443/oauth2/authorize?response_type=code&client_id=VOjSlkwAXyWvv5FqRfMTjhblH2ka&scope=apim:api_key%20apim:app_manage%20apim:store_settings%20apim:sub_alert_manage%20apim:sub_manage%20apim:subscribe%20openid&state=/apis&redirect_uri=https://localhost:9443/devportal/services/auth/callback/login&prompt=none >> . > > > If there is a logged-in user in the Publisher then it will show the > devporal with the login user, otherwise, it will throw an error as > login_required in that case we can redirect back to the devportal. > >> >> error_description=Authentication+required&state=%2Fapis&error=login_required&session_state=b245952dd33a875d31cc6b05968d75fc463612af1a9de70fa5c1809e10de3ef5.tlPkOGNZttr8a-uOAP7UNw > > > If the User is not logged in to the devportal in every reload there will > be a call made to the authorizeEndpoint to check whether a logged-in user > is there or not. > > In addition to this, customers have a requirement to mandate the login to > the Devportal without showing the anonymous view. (i.e like in Publisher) > and we are planning to implement this. > > Please share your thoughts on this. > > [1] https://github.com/wso2/product-apim/issues/4171 > > Thanks > > Senthuran > -- *Kasun Thennakoon* | Associate Technical Lead | WSO2 Inc. (m) +94 711661919 | (w) +94 11 214 5345 | (e) [email protected] GET INTEGRATION AGILE Integration Agility for Digitally Driven Business
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
