On Tue, Apr 14, 2020 at 10:13 PM Tharindu Dharmarathna <[email protected]> wrote:
> Hi All,
>
> We are going to implement multiple OAuth provider support in WSO2 API
> Management. With this feature, dev portal users can create their OAuth
> applications on pre-defined OAuth providers.
>
> 1. Tenant Admin creates an OAuth Provider from the Admin portal by providing
> OAuth provider details.
>
>    - Client Registration endpoint
>    - Introspection Endpoint
>    - Scope Management Endpoint
>    - Token Endpoint
>    - Revoke Endpoint
>    - Endpoint Security Details
>    - Token Validation Regex.
>

Just a suggestion, most OAuth/OIDC providers expose a .well-known configuration endpoint that gives some of these endpoints. For example, https://accounts.google.com/.well-known/openid-configuration

Maybe we can support populating the URLs using that endpoint as well, in addition to configuring manually.

> 2. Application developer creates the application, defining the OAuth
> Provider type.
> 3. Application developer generates the keys from the UI.
>
>    - Checks for the Consumer Key Generation can be done in the specific
>    OAuth Provider.
>    - Generate the OAuth App on the OAuth Provider and retrieve the OAuth
>    Application Details.
>
> 4. Application Developer retrieves the Application details from the UI.
>
>    - Check for the OAuth provider selected.
>    - Retrieve the OAuth App details from the respective OAuth Provider
>    selected.
>
> 5. Generating OAuth Token
>
>    - Token Generation call will directly proxy into the token endpoint of
>    the respective OAuth Provider.
>
> 6. Validating the Token.
>
>    - Generated Token from OAuth Providers contains a specific change
>    related to the Token.
>    - Before validating the token, we check which OAuth provider the Token
>    resides with, using the Token Validation Regex given.
>    - Token gets validated by the elected OAuth Provider, and then the
>    information related to the Token is retrieved.
>
> 7. Delete the Application
>
>    - OAuth Application will be removed from the respective OAuth Provider
>    assigned.
>
> I appreciate any thoughts and feedback on this.
>

Also, some of the endpoints exposed by OAuth providers will be protected with different auth mechanisms. How do we plan to handle this?

>
> Thanks
>
> *Tharindu Dharmarathna*
> Technical Lead
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
> mobile: *+94779109091*
> _______________________________________________
> Architecture mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>

--
Farasath Ahamed
Associate Technical Lead, WSO2 Inc.: http://wso2.com
Mobile: +94777603866
Blog: https://farasath.blogspot.com / https://medium.com/@farasath
Twitter: @farazath619 <https://twitter.com/farazath619>
<http://wso2.com/signature>
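The discovery-based population raised in the reply above, as an added example that is not part of the thread or of WSO2's code: it maps a provider metadata document (metadata names as defined in RFC 8414 / OpenID Connect Discovery) onto the provider fields listed in the proposal, rejects a document whose issuer differs from the one it was requested for, and reports which fields still need manual entry. The function name, the config field names and the `idp.example.com` document are assumptions; the document is passed in as a string so the example runs offline.

```python
import json
from urllib.parse import urlsplit

# Proposal's provider fields (hypothetical names) -> standard metadata names.
FIELD_MAP = {
    "client_registration_endpoint": "registration_endpoint",
    "introspection_endpoint": "introspection_endpoint",
    "token_endpoint": "token_endpoint",
    "revoke_endpoint": "revocation_endpoint",
}
# No standard metadata name exists for scope management, so it stays manual.
MANUAL_ONLY = ["scope_management_endpoint"]

# Constructed sample document; it advertises no introspection endpoint.
SAMPLE = json.dumps({
    "issuer": "https://idp.example.com",
    "token_endpoint": "https://idp.example.com/oauth2/token",
    "registration_endpoint": "https://idp.example.com/oauth2/register",
    "revocation_endpoint": "https://idp.example.com/oauth2/revoke",
    "token_endpoint_auth_methods_supported": ["client_secret_basic", "private_key_jwt"],
})

def provider_from_discovery(issuer_url, document):
    """Return (config, manual_fields) for a document fetched for issuer_url."""
    meta = json.loads(document)
    # The advertised issuer must be identical to the issuer the admin entered;
    # otherwise one provider could publish endpoints in another's name.
    if meta.get("issuer") != issuer_url:
        raise ValueError("issuer mismatch: %r" % meta.get("issuer"))
    config, manual = {"issuer": issuer_url}, list(MANUAL_ONLY)
    for field, name in FIELD_MAP.items():
        url = meta.get(name)
        if url is None:
            manual.append(field)  # not advertised: admin enters it by hand
            continue
        parts = urlsplit(url)
        if parts.scheme != "https" or not parts.hostname:
            raise ValueError("%s is not an https URL: %r" % (name, url))
        config[field] = url
    # Client authentication methods the token endpoint accepts; when the
    # field is absent, the specified default is client_secret_basic.
    config["token_endpoint_auth_methods"] = meta.get(
        "token_endpoint_auth_methods_supported", ["client_secret_basic"])
    return config, manual

if __name__ == "__main__":
    print(provider_from_discovery("https://idp.example.com", SAMPLE))
```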
