Hi Sumedha, I'm doing some background reading.. yes, making use of the API manager components came in to my mind as well..
Let me explain the scenario as of my current understanding. - There are two major applications that is going to make use of OAuth 2.0 authentication mechanism of REST backend. - The frontend webapp and the command line client. - We are not going to address the authorization server part. (that would be a separate deployment...) - We only concerned with resource server bits... - The above two applications can make use of Authorization code grant type and the resource owner password credentials grant type respectively. (correct me if i am wrong..) - In any case, as the resource server, we only have to do the token validation part, and figuring out roles (that bit is not still clear to me.. have to read some more.) - I believe functionality can be addressed using a simple Servlet filter /similar interceptor. - If that functionality is already there in a code somewhere I am happy to use, if the community agree.. thanks, --Pradeep On Tue, Oct 29, 2013 at 11:37 AM, Sumedha Rubasinghe <[email protected]>wrote: > Pradeep, > How are you going to implement this? > There might be few things we can share. We have OAuth 2.0 based token > validation & provisioning already available. > > > > On Mon, Oct 28, 2013 at 1:47 AM, Pradeep Fernando <[email protected]>wrote: > >> Hi devs, >> >> I'm going to start on implementing the $subject. Will update this >> thread,as i progress. >> >> JIRA task - https://issues.apache.org/jira/browse/STRATOS-91 >> >> thanks, >> >> >> -- >> Pradeep Fernando. >> http://pradeepfernando.blogspot.com/ >> > > -- Pradeep Fernando. http://pradeepfernando.blogspot.com/
