On Sun, Jan 13, 2013 at 11:36 PM, Sriragu Arudsothy <[email protected]>wrote:
> Hai Senaka..! > > OAuth 2.0 provides 4 types of Authentication grant > type. All four types of grant types are requiring the client id/client > secret atleast. The OAuthTokenValidationService requires either client > id/client secret or username/pwd with client secret depends on the OAuth > grant type. If we are able to pass the Access token with REST calls then we > are done. > You are acting as the resource server - so you need not to worry about any of the grant types... Thanks & regards, -Prabath > > 1) I asked the IS Guys whether Is it possible to generate the access token > with the user name/pwd over the chat ? They do not have the answer for > that. They said there may be a way to create a access token through the > OAuthAdminService. Bz In Greg, we have users with user credentials. We > dont have any concepts call client ID/Client secret. > > 2) When we request from the REST client we need to pass the user > credentials with resource URI. The User then authenticated and access is > carried out or denied. Therefore the OAuth access tokens are valid for a > short period. Therefore it is better to authenticate for each and every > request. This is the way I am thinking to proceed. Bz still unclear about > the authentication using username/pwd with OAuth 2.0. > > WDYT? > > http://blog.facilelogin.com/2012/08/wso2-oauth-20-playground-with-wso2.html > http://blog.facilelogin.com/2012/06/oauth-20-integration-patterns-with.html > > the above links explains. > > Regards, > Ragu > > > > > On Sun, Jan 13, 2013 at 9:35 PM, Senaka Fernando <[email protected]> wrote: > >> Hi Ragu, >> >> While I'm unable to provide the best answer for #2 right away without >> doing some research into how OAuth 2.0 is implemented in our platform, for >> #1, you definitely can and must use the component and not IS for the REST >> API implementation in G-Reg. Also, please validate that the features that >> you will be using in the process include a minimum number of jars to >> provide the required OAuth 2.0 functionality. >> >> Thanks, >> Senaka. >> >> On Sun, Jan 13, 2013 at 8:44 AM, Sriragu Arudsothy <[email protected]>wrote: >> >>> Hai , >>> >>> When invoke the REST calls to access the resources or resource >>> related properties, the request has to be authenticated against the user >>> credentials using OAuth 2.0. It is a jax web app running on G-Reg. >>> Currently it works without the OAuth mechanism. I went through some extent >>> on how OAuth is working on IS. >>> >>> 1) Is that the OAuth is adaptable component to G-Reg? or Do I need to >>> run the IS? >>> >>> 2) If OAuth is a separate component then how can I integrate to my >>> problem? >>> >>> Your thoughts are welcome on way how do I need to approach? >>> >>> Thanks! >>> Sriragu >>> >>> >>> >>> >>> _______________________________________________ >>> Dev mailing list >>> [email protected] >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> >> >> >> -- >> * <http://wso2con.com/> >> * >> * >> >> Senaka Fernando* >> Member - Integration Technologies Management Committee; >> Technical Lead; WSO2 Inc.; http://wso2.com* >> Member; Apache Software Foundation; http://apache.org >> >> E-mail: senaka AT wso2.com >> **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818 >> Linked-In: http://linkedin.com/in/senakafernando >> >> *Lean . Enterprise . Middleware >> > > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Thanks & Regards, Prabath Mobile : +94 71 809 6732 http://blog.facilelogin.com http://RampartFAQ.com
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
