Hi Tharindu,

On Tue, Apr 14, 2020 at 10:12 PM Tharindu Dharmarathna <[email protected]>
wrote:

> Hi All,
>
> We are going to implement multiple OAuth provider support in WSO2 API
> Manager. With this feature, dev portal users can create their OAuth
> application on pre-defined OAuth providers.
>
> 1. Tenant Admin creates an OAuth provider from the Admin portal by providing
> the OAuth provider details.
>
>    - Client Registration endpoint
>    - Introspection Endpoint
>    - Scope Management Endpoint
>    - Token Endpoint
>    - Revoke Endpoint
>    - Endpoint Security Details
>    - Token Validation Regex.
>
Isn't Scope Management a custom endpoint? Is it that we are only
specifying it when connecting with IS?

> 2. Application developer creates the application, defining the OAuth
> provider type.
> 3. Application developer generates the keys from the UI.
>
>    - Checks whether consumer key generation can be done in the specific
>    OAuth provider.
>    - Generates the OAuth app on the OAuth provider and retrieves the OAuth
>    application details.
>
> 4. Application Developer Retrieves the Application details from the UI.
>
>    - Check for the Oauth provider selected.
>    - Retrieve the Oauth App details from the Respective OAuth Provider
>    selected.
>
> 5. Generating Oauth Token
>
>    - Token Generation call will directly proxy into the token endpoint of
>    Respective Oauth Provider.
>
Wondering if App Developers will use this at all. Isn't the more likely
case to get the token directly from an OAuth provider? In case we support
this, how about making this configurable (so Tenant Admin can decide
whether or not to proxy the request). Currently the Token endpoint is a
passthrough, but with this some changes will be needed to find the OAuth
provider from CK. Most probably this would include making a service call
from the GW. If it's likely to make unnecessary burden on the KM nodes,
better to provide an option to disable it.


> 6. Validating the Token.
>
>    - Generated Token from Oauth Providers contains a specific change
>    related to the Token.
>
So two OAuth providers can co-exist (within a single tenant space) if
their issued tokens can be separated by some property - Is this the case?

>
>    - Before validating the token, we check which OAuth provider the token
>    belongs to using the Token Validation Regex given.
>    - The token gets validated by the elected OAuth provider, and then the
>    information related to the token is retrieved.
>
> 7. Delete the Application
>
>    - The OAuth application will be removed from the respective OAuth provider
>    assigned.
>
>
> I appreciate any thoughts and feedback on this.
>

Are we only supporting this for subscriptions within the same tenant?

>
>
> Thanks
>
> *Tharindu Dharmarathna* | Technical Lead
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
> mobile: *+94779109091*
>


-- 
*Amila De Silva*
Software Architect | Associate Director, Engineering - WSO2 Inc.
(m) +94 775119302 | (e) [email protected]
<http://wso2.com/signature>
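Step 6 above (electing a provider by its Token Validation Regex, then introspecting with it) and the co-existence question that follows it, as an added Python sketch of my own; it is not code from the thread or from WSO2 API Manager. The `OAuthProvider` record, the `introspect` callable standing in for the HTTPS introspection call, and the sample tokens are all assumed or constructed.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

class AmbiguousTokenError(ValueError):
    """More than one provider's regex matched: the tenant's patterns overlap."""

@dataclass(frozen=True)
class OAuthProvider:
    name: str
    token_regex: str                   # Token Validation Regex set by the tenant admin
    introspect: Callable[[str], Dict]  # stand-in for the HTTPS introspection call (assumed)

def elect_provider(token: str, providers: List[OAuthProvider]) -> Optional[OAuthProvider]:
    """Step 6: decide which provider issued the token from its configured regex."""
    # fullmatch, not search: a pattern must describe the whole token, so an
    # unanchored pattern cannot quietly claim another provider's tokens.
    matched = [p for p in providers if re.fullmatch(p.token_regex, token)]
    if not matched:
        return None
    if len(matched) > 1:
        raise AmbiguousTokenError(", ".join(p.name for p in matched))
    return matched[0]

def validate_token(token: str, providers: List[OAuthProvider]) -> Dict:
    """Introspect the token at the elected provider and normalise the answer."""
    provider = elect_provider(token, providers)
    if provider is None:
        return {"active": False, "reason": "no provider pattern matched"}
    info = provider.introspect(token)  # RFC 7662 style response
    if not info.get("active"):
        return {"active": False, "reason": f"rejected by {provider.name}"}
    return {"active": True, "provider": provider.name,
            "client_id": info.get("client_id"), "scope": info.get("scope", "")}

# Constructed sample data standing in for two providers' introspection endpoints.
_IS_TOKENS = {"eyJhbGciOi.payload.sig": {"active": True, "client_id": "is-app-1", "scope": "read"}}
_OPAQUE_TOKENS = {"0123456789abcdef0123456789abcdef": {"active": True, "client_id": "op-app-7"}}

PROVIDERS = [
    # JWT-like tokens: three base64url segments separated by dots
    OAuthProvider("wso2-is", r"[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+",
                  lambda t: _IS_TOKENS.get(t, {"active": False})),
    # opaque 32-hex-character tokens
    OAuthProvider("opaque-provider", r"[0-9a-f]{32}",
                  lambda t: _OPAQUE_TOKENS.get(t, {"active": False})),
]
```

Refusing a token that matches two providers' regexes, instead of taking the first hit, is what keeps one provider's pattern from claiming another provider's tokens.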
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
