Hai Senaka..!
OAuth 2.0 provides 4 types of Authentication grant type.
All four types of grant types are requiring the client id/client secret
atleast. The OAuthTokenValidationService requires either client id/client
secret or username/pwd with client secret depends on the OAuth grant type.
If we are able to pass the Access token with REST calls then we are done.
1) I asked the IS Guys whether Is it possible to generate the access token
with the user name/pwd over the chat ? They do not have the answer for
that. They said there may be a way to create a access token through the
OAuthAdminService. Bz In Greg, we have users with user credentials. We
dont have any concepts call client ID/Client secret.
2) When we request from the REST client we need to pass the user
credentials with resource URI. The User then authenticated and access is
carried out or denied. Therefore the OAuth access tokens are valid for a
short period. Therefore it is better to authenticate for each and every
request. This is the way I am thinking to proceed. Bz still unclear about
the authentication using username/pwd with OAuth 2.0.
WDYT?
http://blog.facilelogin.com/2012/08/wso2-oauth-20-playground-with-wso2.html
http://blog.facilelogin.com/2012/06/oauth-20-integration-patterns-with.html
the above links explains.
Regards,
Ragu
On Sun, Jan 13, 2013 at 9:35 PM, Senaka Fernando <[email protected]> wrote:
> Hi Ragu,
>
> While I'm unable to provide the best answer for #2 right away without
> doing some research into how OAuth 2.0 is implemented in our platform, for
> #1, you definitely can and must use the component and not IS for the REST
> API implementation in G-Reg. Also, please validate that the features that
> you will be using in the process include a minimum number of jars to
> provide the required OAuth 2.0 functionality.
>
> Thanks,
> Senaka.
>
> On Sun, Jan 13, 2013 at 8:44 AM, Sriragu Arudsothy <[email protected]>wrote:
>
>> Hai ,
>>
>> When invoke the REST calls to access the resources or resource
>> related properties, the request has to be authenticated against the user
>> credentials using OAuth 2.0. It is a jax web app running on G-Reg.
>> Currently it works without the OAuth mechanism. I went through some extent
>> on how OAuth is working on IS.
>>
>> 1) Is that the OAuth is adaptable component to G-Reg? or Do I need to run
>> the IS?
>>
>> 2) If OAuth is a separate component then how can I integrate to my
>> problem?
>>
>> Your thoughts are welcome on way how do I need to approach?
>>
>> Thanks!
>> Sriragu
>>
>>
>>
>>
>> _______________________________________________
>> Dev mailing list
>> [email protected]
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> * <http://wso2con.com/>
> *
> *
>
> Senaka Fernando*
> Member - Integration Technologies Management Committee;
> Technical Lead; WSO2 Inc.; http://wso2.com*
> Member; Apache Software Foundation; http://apache.org
>
> E-mail: senaka AT wso2.com
> **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818
> Linked-In: http://linkedin.com/in/senakafernando
>
> *Lean . Enterprise . Middleware
>
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
