Hi Ragu,

Shall we chat on this tomorrow...

Thanks & regards,
-Prabath

On Mon, Jan 14, 2013 at 8:34 PM, Sriragu Arudsothy <[email protected]> wrote:

> Hai !
>
> As you said I have to write a handler that should extract the
> bearer token which is passed with the HTTP header with the request.
>
> The header format will be similar to [ Authorization: Bearer
> wU62DjlyDBnq87GlBwplfqvmAbAa.] "wU62DjlyDBnq87GlBwplfqvmAbAa" as from the
> API manager documentation said as the API key. The API key which is
> generated from the API manager console when the user subscribes to the
> specific API. Subscriber panel displays these values.
>
> From the API manager doc: "The generated keys, namely an access token, a
> consumer key and a consumer secret".
>
> My question is: When I give a call from a REST client, what value do I need
> to pass for the HTTP header with the bearer token? Something like the API key
> which uniquely identifies the subscribed APIs. I want to pass some key that
> uniquely identifies the user and enables him to do CRUD operations on his
> resources.
>
> Please excuse me if I am misunderstanding. If so, let me know the right
> way..!
>
> Thanks!
> Ragu
>
> On Mon, Jan 14, 2013 at 1:56 PM, Prabath Siriwardena <[email protected]> wrote:
>
>> On Sun, Jan 13, 2013 at 11:36 PM, Sriragu Arudsothy <[email protected]> wrote:
>>
>>> Hai Senaka..!
>>>
>>> OAuth 2.0 provides 4 types of Authentication grant
>>> type. All four types of grant types are requiring the client id/client
>>> secret at least. The OAuthTokenValidationService requires either client
>>> id/client secret or username/pwd with client secret depending on the OAuth
>>> grant type. If we are able to pass the Access token with REST calls then we
>>> are done.
>>
>> You are acting as the resource server - so you need not worry about
>> any of the grant types...
>>
>> Thanks & regards,
>> -Prabath
>>
>>> 1) I asked the IS Guys over the chat whether it is possible to generate
>>> the access token with the user name/pwd. They do not have the answer
>>> for that. They said there may be a way to create an access token through the
>>> OAuthAdminService. Because in Greg, we have users with user credentials. We
>>> don't have any concepts called client ID/Client secret.
>>>
>>> 2) When we request from the REST client we need to pass the user
>>> credentials with the resource URI. The user is then authenticated and access is
>>> carried out or denied. Therefore the OAuth access tokens are valid for a
>>> short period. Therefore it is better to authenticate for each and every
>>> request. This is the way I am thinking to proceed. Because still unclear about
>>> the authentication using username/pwd with OAuth 2.0.
>>>
>>> WDYT?
>>>
>>> http://blog.facilelogin.com/2012/08/wso2-oauth-20-playground-with-wso2.html
>>>
>>> http://blog.facilelogin.com/2012/06/oauth-20-integration-patterns-with.html
>>>
>>> The above links explain.
>>>
>>> Regards,
>>> Ragu
>>>
>>> On Sun, Jan 13, 2013 at 9:35 PM, Senaka Fernando <[email protected]> wrote:
>>>
>>>> Hi Ragu,
>>>>
>>>> While I'm unable to provide the best answer for #2 right away without
>>>> doing some research into how OAuth 2.0 is implemented in our platform, for
>>>> #1, you definitely can and must use the component and not IS for the REST
>>>> API implementation in G-Reg. Also, please validate that the features that
>>>> you will be using in the process include a minimum number of jars to
>>>> provide the required OAuth 2.0 functionality.
>>>>
>>>> Thanks,
>>>> Senaka.
>>>>
>>>> On Sun, Jan 13, 2013 at 8:44 AM, Sriragu Arudsothy <[email protected]> wrote:
>>>>
>>>>> Hai ,
>>>>>
>>>>> When invoking the REST calls to access the resources or resource
>>>>> related properties, the request has to be authenticated against the user
>>>>> credentials using OAuth 2.0. It is a jax web app running on G-Reg.
>>>>> Currently it works without the OAuth mechanism. I went through some
>>>>> extent on how OAuth is working on IS.
>>>>>
>>>>> 1) Is OAuth an adaptable component to G-Reg? Or do I need to
>>>>> run the IS?
>>>>>
>>>>> 2) If OAuth is a separate component then how can I integrate it with my
>>>>> problem?
>>>>>
>>>>> Your thoughts are welcome on how I need to approach this.
>>>>>
>>>>> Thanks!
>>>>> Sriragu
>>>>>
>>>>> _______________________________________________
>>>>> Dev mailing list
>>>>> [email protected]
>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>> --
>>>> <http://wso2con.com/>
>>>>
>>>> Senaka Fernando
>>>> Member - Integration Technologies Management Committee;
>>>> Technical Lead; WSO2 Inc.; http://wso2.com
>>>> Member; Apache Software Foundation; http://apache.org
>>>>
>>>> E-mail: senaka AT wso2.com
>>>> P: +1 408 754 7388; ext: 51736; M: +94 77 322 1818
>>>> Linked-In: http://linkedin.com/in/senakafernando
>>>>
>>>> Lean . Enterprise . Middleware
>>>
>>> _______________________________________________
>>> Dev mailing list
>>> [email protected]
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>> --
>> Thanks & Regards,
>> Prabath
>>
>> Mobile : +94 71 809 6732
>>
>> http://blog.facilelogin.com
>> http://RampartFAQ.com

--
Thanks & Regards,
Prabath

Mobile : +94 71 809 6732

http://blog.facilelogin.com
http://RampartFAQ.com
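The resource-server side of the handler discussed in this thread, as an added example that is not part of the original messages or of WSO2's code: it extracts the bearer token from the `Authorization` header, rejects malformed values, and resolves the token to a user through a validator. The `TokenValidator` interface, the class and method names and the user name `ragu` are hypothetical stand-ins for whatever validation service the deployment calls; the token is the sample quoted in the thread.

```java
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class BearerTokenHandler {

    /** Hypothetical stand-in for the authorization server's token validation call. */
    interface TokenValidator {
        /** Returns the user the token was issued for, or empty if invalid or expired. */
        Optional<String> validate(String accessToken);
    }

    // RFC 6750 section 2.1: "Bearer" 1*SP b64token; the scheme name is case-insensitive.
    private static final Pattern BEARER =
            Pattern.compile("^Bearer +([A-Za-z0-9\\-._~+/]+=*)$", Pattern.CASE_INSENSITIVE);

    /** Extracts the token from an Authorization header value, or empty if absent or malformed. */
    static Optional<String> extractToken(String authorizationHeader) {
        if (authorizationHeader == null) {
            return Optional.empty();
        }
        Matcher m = BEARER.matcher(authorizationHeader.trim());
        return m.matches() ? Optional.of(m.group(1)) : Optional.empty();
    }

    /** Returns the authenticated user, or empty when the caller should receive 401. */
    static Optional<String> authenticate(String authorizationHeader, TokenValidator validator) {
        return extractToken(authorizationHeader).flatMap(validator::validate);
    }

    public static void main(String[] args) {
        // Constructed validator: knows one token (the sample from the thread) and its user.
        TokenValidator validator = token ->
                "wU62DjlyDBnq87GlBwplfqvmAbAa".equals(token) ? Optional.of("ragu") : Optional.empty();

        String[] headers = {
            "Bearer wU62DjlyDBnq87GlBwplfqvmAbAa",  // valid token
            "bearer wU62DjlyDBnq87GlBwplfqvmAbAa",  // scheme is case-insensitive
            "Bearer unknown-token",                 // well-formed but never issued
            "Basic dXNlcjpwYXNz",                   // wrong scheme
            "Bearer two tokens",                    // malformed: space inside the token
            null                                    // header missing
        };
        for (String h : headers) {
            String result = authenticate(h, validator)
                    .map(user -> "200 OK, acting as " + user)
                    .orElse("401 Unauthorized, WWW-Authenticate: Bearer");
            System.out.println(h + " -> " + result);
        }
    }
}
```

The handler never sees a client id, client secret or password: the token alone is presented, and the validator's answer is what ties the request to a user.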
