On Fri, Feb 14, 2020 at 5:05 PM Bhathiya Jayasekara <bhath...@wso2.com>
wrote:

>
>
> On Fri, Feb 14, 2020 at 4:20 PM Kasun Thennakoon <kasu...@wso2.com> wrote:
>
>> Hi Senthuran,
>>
>> When checking the user session using the prompt=none parameter, shall we use
>> a fetch call instead of navigating users to the login service endpoint (i.e.
>> `/publisher/services/auth/login` in publisher)? It will hinder browser
>> redirections, so the user won't recognize a browser redirect.
>>
>> Regarding:
>>
>> mandate the login to the Devportal without showing the anonymous view
>>
>>
>> For this case, I think we need to refactor the store REST API to
>> restrict anonymous API calls. For example, now users can see all the public
>> APIs without providing an access token (anonymous). @Malintha Amarasinghe
>> <malint...@wso2.com> WDYT?
>>
>
> Yes, we'll have to do that too.
>
Those APIs are not bound to any scope. I think we will need to bind those
to 'apim:subscribe' scope based on a configuration.

Thanks!


>
> Thanks,
> Bhathiya
>
>
>>
>> Thanks
>> ~KasunTe
>>
>> On Fri, Feb 14, 2020 at 3:35 PM Senthuran Manoharan <senthur...@wso2.com>
>> wrote:
>>
>>>  Hi All,
>>>
>>> API Manager 3.x.x has an SSO for the Publisher and Devportal apps and
>>> currently, we are working on a feature to support “passive” configuration
>>> in the SSO flow (i.e. if a user who has already logged in to the publisher
>>> has to get logged into the store directly without clicking on the SIGN-IN
>>> button). Please refer to this Git issue [1].
>>>
>>> This feature can be achieved by appending prompt=none to the authorize
>>> endpoint.
>>>
>>>>
>>>> https://localhost:9443/oauth2/authorize?response_type=code&client_id=VOjSlkwAXyWvv5FqRfMTjhblH2ka&scope=apim:api_key%20apim:app_manage%20apim:store_settings%20apim:sub_alert_manage%20apim:sub_manage%20apim:subscribe%20openid&state=/apis&redirect_uri=https://localhost:9443/devportal/services/auth/callback/login&prompt=none
>>>> .
>>>
>>>
>>> If there is a logged-in user in the Publisher then it will show the
>>> devportal with the logged-in user; otherwise, it will throw an error as
>>> login_required, in which case we can redirect back to the devportal.
>>>
>>>>
>>>> error_description=Authentication+required&state=%2Fapis&error=login_required&session_state=b245952dd33a875d31cc6b05968d75fc463612af1a9de70fa5c1809e10de3ef5.tlPkOGNZttr8a-uOAP7UNw
>>>
>>>
>>> If the user is not logged in to the devportal, on every reload there will
>>> be a call made to the authorizeEndpoint to check whether a logged-in user
>>> is there or not.
>>>
>>> In addition to this, customers have a requirement to mandate the login
>>> to the Devportal without showing the anonymous view (i.e. like in
>>> Publisher), and we are planning to implement this.
>>>
>>> Please share your thoughts on this.
>>>
>>> [1] https://github.com/wso2/product-apim/issues/4171
>>>
>>> Thanks
>>>
>>> Senthuran
>>>
>>
>>
>> --
>> *Kasun Thennakoon* | Associate Technical Lead | WSO2 Inc.
>> (m) +94 711661919 | (w) +94 11 214 5345 | (e) kasu...@wso2.com
>> GET INTEGRATION AGILE
>> Integration Agility for Digitally Driven Business
>>
>
>
> --
> *Bhathiya Jayasekara* | Technical Lead | WSO2 Inc.
> (m) +94 71 547 8185  | (e) bhathiya-@t-wso2-d0t-com
>
>
>

-- 
Malintha Amarasinghe
*WSO2, Inc. - lean | enterprise | middleware*
http://wso2.com/

Mobile : +94 712383306
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
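
The passive check discussed in this thread, sketched as an added example (not code from the thread or from WSO2 API Manager). The function names are hypothetical, and it assumes the app keeps the `state` it sent in the session and uses it as the post-login path; besides `login_required` it treats the other OpenID Connect `prompt=none` errors the same way.

```javascript
// Added example; function names are hypothetical. Endpoints are the ones quoted in the thread.
const AUTHORIZE_ENDPOINT = "https://localhost:9443/oauth2/authorize";
const REDIRECT_URI = "https://localhost:9443/devportal/services/auth/callback/login";
// OpenID Connect errors meaning "cannot complete without user interaction".
const PASSIVE_FAILURES = new Set(["login_required", "interaction_required",
  "consent_required", "account_selection_required"]);

// Build the passive (prompt=none) authorization request.
function buildPassiveAuthorizeUrl(clientId, scopes, returnPath) {
  const url = new URL(AUTHORIZE_ENDPOINT);
  url.searchParams.set("response_type", "code");
  url.searchParams.set("client_id", clientId);
  url.searchParams.set("scope", scopes.join(" "));
  url.searchParams.set("state", returnPath);
  url.searchParams.set("redirect_uri", REDIRECT_URI);
  url.searchParams.set("prompt", "none");
  return url.toString();
}

// state returns through the browser, so only a local path is accepted as a redirect target.
function safeReturnPath(state, fallback = "/apis") {
  if (typeof state !== "string") return fallback;
  if (!state.startsWith("/") || state.startsWith("//") || state.includes("\\")) return fallback;
  return state;
}

// Decide what the callback handler should do with the query string it receives.
function handlePassiveCallback(query, expectedState) {
  const params = new URLSearchParams(query);
  const state = params.get("state");
  if (state !== expectedState) return { action: "reject", reason: "state_mismatch" };
  const target = safeReturnPath(state);
  const error = params.get("error");
  // No SSO session: fall back to the anonymous view (or a forced login page).
  if (PASSIVE_FAILURES.has(error)) return { action: "anonymous", target };
  if (error) return { action: "reject", reason: error };
  const code = params.get("code");
  if (!code) return { action: "reject", reason: "missing_code" };
  return { action: "exchange_code", code, target };
}

// Constructed sample callback, modelled on the error response quoted in the thread.
const SAMPLE_CALLBACK = "error_description=Authentication+required&state=%2Fapis&error=login_required";
console.log(handlePassiveCallback(SAMPLE_CALLBACK, "/apis"));
```

Returning `anonymous` without retrying lets the caller remember the result for the session instead of repeating the authorize call on every reload.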
