Hi Imesh, Udara,

Thanks for the input. Actually this use case was solved previously using MutualSSL authentication [1]. Here I just want to send the username and a dummy password in the BasicAuth header. IMO this is a hack to achieve the task.

In my use case I am creating applications as tenant admin and don't have access to the tenant password 'cause it's a security risk to expose passwords. I too agree with Udara on using an OAuth token for the API, which is more secure and standard.

[1] https://github.com/wso2/product-private-paas/commit/70c78d1aa3ea100d632f24a9162a9e54d44608f9

On Wed, Aug 12, 2015 at 9:15 AM, Udara Liyanage <ud...@wso2.com> wrote:

> Hi Imesh,
>
> I think we can add OAuth authentication for the Stratos API. A user first
> obtains a token and then provides that token for subsequent API calls. AFAIR
> we have discussed this earlier too.
>
> On Wed, Aug 12, 2015 at 9:12 AM, Imesh Gunaratne <im...@apache.org> wrote:
>
>> If another system (say A) is talking to Stratos via the REST API, we
>> might need to check how this workflow starts from A. It may either start
>> by prompting the user to log in or as a result of a background job.
>>
>> If it's the first case then system A should have some form of a token
>> or user credentials to talk to Stratos. Otherwise a system user needs to be
>> used to talk to Stratos.
>>
>> On Tue, Aug 11, 2015 at 1:57 PM, Udara Liyanage <ud...@wso2.com> wrote:
>>
>>> Hi Anuruddha,
>>>
>>> A similar scenario came up when we create an OAuth token at application
>>> creation. AS needed to call IS in order to create the token. There we
>>> overcame this by using a JWT authenticator which validates the username.
>>> However, you cannot access the Stratos API using that authentication.
>>>
>>> On Tue, Aug 11, 2015 at 1:22 PM, Anuruddha Premalal <
>>> anuruddhaprema...@gmail.com> wrote:
>>>
>>>> Hi Udara,
>>>>
>>>> I need to call the Stratos REST API from a WSO2 server component as
>>>> tenant admin. We can get the tenant username; however, we cannot get the
>>>> password. Have you encountered this kind of use case before? Is there an
>>>> existing way to achieve this?
>>>>
>>>> Thanks,
>>>> Anuruddha.
>>>>
>>>> On Tue, Aug 11, 2015 at 12:35 PM, Udara Liyanage <ud...@wso2.com>
>>>> wrote:
>>>>
>>>>> Hi Anuruddha,
>>>>>
>>>>> AFAIK you cannot use a JWT token for REST API access. JWT tokens are
>>>>> used in two places:
>>>>>
>>>>> 1) For metadata API access
>>>>> 2) A JWT authenticator is used for Stratos-Identity Server
>>>>> communication.
>>>>>
>>>>> Could you please explain your requirement in more detail so we can
>>>>> point you to extension places?
>>>>>
>>>>> On Tue, Aug 11, 2015 at 12:28 PM, Anuruddha Premalal <
>>>>> anuruddhaprema...@gmail.com> wrote:
>>>>>
>>>>>> Hi Devs,
>>>>>>
>>>>>> Is it possible to invoke the Stratos REST API using a signed JWT token
>>>>>> instead of BasicAuth? Does this come OOB? If not, is there any
>>>>>> extension point provided for a custom authentication handler?
>>>>>>
>>>>>> Regards,
>>>>>> --
>>>>>> Anuruddha Premalala (MIEEE)
>>>>>> Mobile : +94710461070
>>>>>> E-mail : anuruddhaprema...@gmail.com
>>>>>> web : www.regilandvalley.com
>>>>>> Sri Lanka.
>>>>>
>>>>> --
>>>>> Udara Liyanage
>>>>> Software Engineer
>>>>> WSO2, Inc.: http://wso2.com
>>>>> lean. enterprise. middleware
>>>>>
>>>>> web: http://udaraliyanage.wordpress.com
>>>>> phone: +94 71 443 6897
>>
>> --
>> Imesh Gunaratne
>>
>> Senior Technical Lead, WSO2
>> Committer & PMC Member, Apache Stratos

--
Anuruddha Premalala (MIEEE)
Mobile : +94710461070
E-mail : anuruddhaprema...@gmail.com
web : www.regilandvalley.com
Sri Lanka.