On Fri, Feb 14, 2020 at 4:20 PM Kasun Thennakoon <[email protected]> wrote:
> Hi Senthuran,
>
> When checking the user session using the prompt=none parameter, shall we use a
> fetch call instead of navigating users to the login service endpoint (i.e.
> `/publisher/services/auth/login` in publisher)? It will hinder browser
> redirections, so the user won't recognize a browser redirect.
>

Do the fetch calls follow the redirects? And will there be a CORS issue when the IS domain is different?

> Regarding:
>
> mandate the login to the Devportal without showing the anonymous view
>
> For this case, I think we need to refactor the store REST API to
> restrict anonymous API calls. For example, now users can see all the public
> APIs without providing an access token (anonymous). @Malintha Amarasinghe
> <[email protected]> WDYT?
>
> Thanks
> ~KasunTe
>
> On Fri, Feb 14, 2020 at 3:35 PM Senthuran Manoharan <[email protected]>
> wrote:
>
>> Hi All,
>>
>> API Manager 3.x.x has an SSO for the Publisher and Devportal apps and
>> currently, we are working on a feature to support “passive” configuration
>> in the SSO flow (i.e. if a user who has already logged in to the publisher
>> has to get logged into the store directly without clicking on the SIGN-IN
>> button). Please refer to this Git issue [1].
>>
>> This feature can be achieved by appending the prompt=none to the authorize
>> endpoint.
>>
>>> https://localhost:9443/oauth2/authorize?response_type=code&client_id=VOjSlkwAXyWvv5FqRfMTjhblH2ka&scope=apim:api_key%20apim:app_manage%20apim:store_settings%20apim:sub_alert_manage%20apim:sub_manage%20apim:subscribe%20openid&state=/apis&redirect_uri=https://localhost:9443/devportal/services/auth/callback/login&prompt=none
>>
>> If there is a logged-in user in the Publisher then it will show the
>> devportal with the logged-in user; otherwise, it will throw an error as
>> login_required, and in that case we can redirect back to the devportal.
>>
>>> error_description=Authentication+required&state=%2Fapis&error=login_required&session_state=b245952dd33a875d31cc6b05968d75fc463612af1a9de70fa5c1809e10de3ef5.tlPkOGNZttr8a-uOAP7UNw
>>
>> If the user is not logged in to the devportal, in every reload there will
>> be a call made to the authorizeEndpoint to check whether a logged-in user
>> is there or not.
>>
>> In addition to this, customers have a requirement to mandate the login to
>> the Devportal without showing the anonymous view (i.e. like in Publisher),
>> and we are planning to implement this.
>>
>> Please share your thoughts on this.
>>
>> [1] https://github.com/wso2/product-apim/issues/4171
>>
>> Thanks
>>
>> Senthuran
>>
>
> --
> *Kasun Thennakoon* | Associate Technical Lead | WSO2 Inc.
> (m) +94 711661919 | (w) +94 11 214 5345 | (e) [email protected]
>

--
Malintha Amarasinghe
*WSO2, Inc. - lean | enterprise | middleware*
http://wso2.com/
Mobile : +94 712383306
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
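
The passive check discussed in this thread, as an added example that is not part of the original messages and is not WSO2 API Manager code: it builds the prompt=none request and decides what the callback does with a `code` or a `login_required` answer. The function names, the `mandatoryLogin` flag and the rule that `state` is used as a return path and must be a same-site relative path are assumptions of this sketch.

```javascript
// Added example; all function names here are hypothetical.
const AUTHORIZE_ENDPOINT = "https://localhost:9443/oauth2/authorize";
const REDIRECT_URI = "https://localhost:9443/devportal/services/auth/callback/login";
// Error response quoted in the thread (session_state omitted).
const SAMPLE_LOGIN_REQUIRED =
  "error_description=Authentication+required&state=%2Fapis&error=login_required";

// Same parameters as an interactive login request, plus prompt=none.
function buildPassiveAuthUrl(clientId, scope, returnPath) {
  const url = new URL(AUTHORIZE_ENDPOINT);
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: clientId,
    scope,
    state: returnPath,
    redirect_uri: REDIRECT_URI,
    prompt: "none",
  }).toString();
  return url.toString();
}

// Assumption: state carries the page to return to. Accept only a
// same-site relative path so the callback cannot be steered off-site.
function safeReturnPath(state) {
  if (typeof state !== "string" || !state.startsWith("/")) return "/";
  if (state.startsWith("//") || state.includes("\\")) return "/";
  return state;
}

// Decide what the callback does with the query string it received.
// mandatoryLogin models the "no anonymous view" requirement.
function handlePassiveCallback(query, mandatoryLogin) {
  const params = new URLSearchParams(query);
  const returnPath = safeReturnPath(params.get("state"));
  const error = params.get("error");
  if (error === "login_required") {
    // No session at the identity server. Do not re-issue prompt=none
    // from here; the answer would be the same.
    return mandatoryLogin
      ? { action: "interactive_login", returnPath }
      : { action: "anonymous", returnPath };
  }
  if (error) return { action: "error", error, returnPath };
  const code = params.get("code");
  if (!code) return { action: "error", error: "missing_code", returnPath };
  return { action: "exchange_code", code, returnPath };
}
```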
