Hi Farasath,

The authentication on those endpoints depends on the implementation
for the specific OAuth provider; configuration key-value elements
will be asked from the user to retrieve those details.

On Thu, Apr 16, 2020 at 6:34 PM Farasath Ahamed <[email protected]> wrote:

>
>
> On Tue, Apr 14, 2020 at 10:13 PM Tharindu Dharmarathna <[email protected]>
> wrote:
>
>> Hi All,
>>
>> We are going to implement multiple OAuth provider support in WSO2 API
>> Management. With this feature, dev portal users can create their OAuth
>> applications on pre-defined OAuth providers.
>>
>> 1. The tenant admin creates an OAuth provider from the Admin portal by
>> providing the OAuth provider details.
>>
>>    - Client Registration endpoint
>>    - Introspection Endpoint
>>    - Scope Management Endpoint
>>    - Token Endpoint
>>    - Revoke Endpoint
>>    - Endpoint Security Details
>>    - Token Validation Regex.
>>
> Just a suggestion, most OAuth/OIDC providers expose a .well-known
> configuration endpoint that gives some of these endpoints. For example,
> https://accounts.google.com/.well-known/openid-configuration
> Maybe we can support populating the URLs using that endpoint as well,
> in addition to configuring manually.
>
>> 2. Application developer creates the application defining the OAuth
>> Provider type.
>> 3. Application developer Generates the keys from UI.
>>
>>    - Checks for the Consumer Key Generation can be done in the Specific
>>    Oauth Provider.
>>    -  Generate the Oauth App on Oauth Provider and retrieves the Oauth
>>    Application Details.
>>
>> 4. Application Developer Retrieves the Application details from the UI.
>>
>>    - Check for the Oauth provider selected.
>>    - Retrieve the Oauth App details from the Respective OAuth Provider
>>    selected.
>>
>> 5. Generating Oauth Token
>>
>>    - Token Generation call will directly proxy into the token endpoint
>>    of Respective Oauth Provider.
>>
>> 6. Validating the Token.
>>
>>    - The generated token from OAuth providers contains a specific change
>>    related to the token.
>>    - Before validating the token, we check which OAuth provider the token
>>    belongs to by checking against the Token Validation Regex given.
>>    - The token gets validated by the selected OAuth provider, and then the
>>    information related to the token is retrieved.
>>
>> 7. Delete the Application
>>
>>    - The OAuth application will be removed from the respective OAuth
>>    provider assigned.
>>
>>
>> I appreciate any thoughts and feedback on this.
>>
>
> Also, some of the endpoints exposed by OAuth providers will be protected
> with different auth mechanisms. How do we plan to handle this?
>
>
>>
>>
>> Thanks
>>
>> *Tharindu Dharmarathna*Technical Lead
>> WSO2 Inc.; http://wso2.com
>> lean.enterprise.middleware
>> mobile: *+94779109091*
>> _______________________________________________
>> Architecture mailing list
>> [email protected]
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>
>
> --
> Farasath Ahamed
> Associate Technical Lead, WSO2 Inc.: http://wso2.com
> Mobile: +94777603866
> Blog: https://farasath.blogspot.com / https://medium.com/@farasath
> Twitter: @farazath619 <https://twitter.com/farazath619>
> <http://wso2.com/signature>
>
>
>
>


-- 

*Tharindu Dharmarathna*Technical Lead
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

mobile: *+94779109091*
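
The provider selection described in step 6 of the proposal, as an added example (not code from WSO2 API Manager or from anyone in this thread): each configured provider carries its Token Validation Regex, the token must match one pattern in full, and a token claimed by no provider or by more than one is rejected instead of guessed. Provider names, URLs and patterns are constructed for illustration.

```python
import re
from dataclasses import dataclass


class TokenRoutingError(Exception):
    """Raised when a token cannot be attributed to exactly one provider."""


@dataclass(frozen=True)
class OAuthProvider:
    name: str                    # constructed provider name
    introspection_endpoint: str  # constructed URL, never called here
    token_regex: re.Pattern      # the admin-supplied Token Validation Regex


def make_provider(name, introspection_endpoint, pattern):
    # Compile at configuration time so a malformed regex is rejected when
    # the admin saves the provider, not on the request path.
    return OAuthProvider(name, introspection_endpoint, re.compile(pattern))


def select_provider(token, providers, max_len=4096):
    """Return the single provider whose regex matches the whole token."""
    if not token or len(token) > max_len:
        raise TokenRoutingError("token empty or too long")
    # fullmatch: a prefix or substring match must not claim a token.
    hits = [p for p in providers if p.token_regex.fullmatch(token)]
    if not hits:
        raise TokenRoutingError("no provider claims this token")
    if len(hits) > 1:
        names = ", ".join(p.name for p in hits)
        raise TokenRoutingError(f"ambiguous token, claimed by: {names}")
    return hits[0]


# Constructed sample configuration (hypothetical providers and patterns).
PROVIDERS = [
    make_provider("opaque-uuid", "https://idp-a.example/introspect",
                  r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}"),
    make_provider("jwt", "https://idp-b.example/introspect",
                  r"[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+"),
]
```

The regex only decides where the token is sent; the token is still validated at the selected provider, as the proposal describes.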