On Sun, Dec 21, 2014 at 10:25 PM, Udara Liyanage <[email protected]> wrote:
>
> Possible solutions came to my mind.
>
> 1) Add OAuth to Stratos API too.
>

Yes, this is something we need to implement irrespective of this issue.

> 2) User gets a session the first time and uses it for subsequent calls
> There are two sessions, one is between user and Stratos web app, second is
> between web app and Carbon. When a user first calls /login API with
> username/password, it calls AuthenticationAdmin and gets a session which is
> sent back to the client which he uses for subsequent calls. Currently
> /session endpoint does a similar thing, however it returns a session in web
> app, not from Carbon.
>

This might be a better approach, however we need to analyze and see which user (super admin, tenant admin, client login user) should be used for communication on each scenario.

Thanks

--
Imesh Gunaratne
Technical Lead, WSO2
Committer & PMC Member, Apache Stratos
