yes of course, pls let me know the time/venue. Thanks! Ragu
On Mon, Jan 14, 2013 at 10:24 PM, Prabath Siriwardena <[email protected]>wrote: > Hi Ragu, > > Shall we chat on this tomorrow... > > Thanks & regards, > -Prabath > > > On Mon, Jan 14, 2013 at 8:34 PM, Sriragu Arudsothy <[email protected]>wrote: > >> Hai ! >> >> As you said I have to write a handler that should extracts the >> bearer token which is passed with the Http header with the request. >> >> The header format will be similar to[ Authorization: Bearer >> wU62DjlyDBnq87GlBwplfqvmAbAa.] "wU62DjlyDBnq87GlBwplfqvmAbAa" as from >> the API manager documentation said as the API key. The API key which is >> generated from the API manager console when the user subscribes to the >> specific API. Subscriber panel displays these values. >> >> From the API manager doc: "The generated keys, namely an access token, a >> consumer key and a consumer secret". >> >> My question is: When I give a call from REST client, What value Do I need >> to pass for http header with bearer token? Some thing like API key which >> uniquely identifies the subscribed APIs, I want to pass some key that >> uniquely identifies the user and enable to do CRUD operation on his >> resources. >> >> Pls apologize me if I am misunderstaning. if so let me know the right >> way..! >> >> Thanks! >> Ragu >> >> >> >> >> >> >> On Mon, Jan 14, 2013 at 1:56 PM, Prabath Siriwardena <[email protected]>wrote: >> >>> >>> >>> On Sun, Jan 13, 2013 at 11:36 PM, Sriragu Arudsothy <[email protected]>wrote: >>> >>>> Hai Senaka..! >>>> >>>> OAuth 2.0 provides 4 types of Authentication grant >>>> type. All four types of grant types are requiring the client id/client >>>> secret atleast. The OAuthTokenValidationService requires either client >>>> id/client secret or username/pwd with client secret depends on the OAuth >>>> grant type. If we are able to pass the Access token with REST calls then we >>>> are done. >>>> >>> >>> You are acting as the resource server - so you need not to worry about >>> any of the grant types... >>> >>> Thanks & regards, >>> -Prabath >>> >>> >>>> >>>> 1) I asked the IS Guys whether Is it possible to generate the access >>>> token with the user name/pwd over the chat ? They do not have the answer >>>> for that. They said there may be a way to create a access token through the >>>> OAuthAdminService. Bz In Greg, we have users with user credentials. We >>>> dont have any concepts call client ID/Client secret. >>>> >>>> 2) When we request from the REST client we need to pass the user >>>> credentials with resource URI. The User then authenticated and access is >>>> carried out or denied. Therefore the OAuth access tokens are valid for a >>>> short period. Therefore it is better to authenticate for each and every >>>> request. This is the way I am thinking to proceed. Bz still unclear about >>>> the authentication using username/pwd with OAuth 2.0. >>>> >>>> WDYT? >>>> >>>> >>>> http://blog.facilelogin.com/2012/08/wso2-oauth-20-playground-with-wso2.html >>>> >>>> http://blog.facilelogin.com/2012/06/oauth-20-integration-patterns-with.html >>>> >>>> the above links explains. >>>> >>>> Regards, >>>> Ragu >>>> >>>> >>>> >>>> >>>> On Sun, Jan 13, 2013 at 9:35 PM, Senaka Fernando <[email protected]>wrote: >>>> >>>>> Hi Ragu, >>>>> >>>>> While I'm unable to provide the best answer for #2 right away without >>>>> doing some research into how OAuth 2.0 is implemented in our platform, for >>>>> #1, you definitely can and must use the component and not IS for the REST >>>>> API implementation in G-Reg. Also, please validate that the features that >>>>> you will be using in the process include a minimum number of jars to >>>>> provide the required OAuth 2.0 functionality. >>>>> >>>>> Thanks, >>>>> Senaka. >>>>> >>>>> On Sun, Jan 13, 2013 at 8:44 AM, Sriragu Arudsothy >>>>> <[email protected]>wrote: >>>>> >>>>>> Hai , >>>>>> >>>>>> When invoke the REST calls to access the resources or resource >>>>>> related properties, the request has to be authenticated against the user >>>>>> credentials using OAuth 2.0. It is a jax web app running on G-Reg. >>>>>> Currently it works without the OAuth mechanism. I went through some >>>>>> extent >>>>>> on how OAuth is working on IS. >>>>>> >>>>>> 1) Is that the OAuth is adaptable component to G-Reg? or Do I need to >>>>>> run the IS? >>>>>> >>>>>> 2) If OAuth is a separate component then how can I integrate to my >>>>>> problem? >>>>>> >>>>>> Your thoughts are welcome on way how do I need to approach? >>>>>> >>>>>> Thanks! >>>>>> Sriragu >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Dev mailing list >>>>>> [email protected] >>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> * <http://wso2con.com/> >>>>> * >>>>> * >>>>> >>>>> Senaka Fernando* >>>>> Member - Integration Technologies Management Committee; >>>>> Technical Lead; WSO2 Inc.; http://wso2.com* >>>>> Member; Apache Software Foundation; http://apache.org >>>>> >>>>> E-mail: senaka AT wso2.com >>>>> **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818 >>>>> Linked-In: http://linkedin.com/in/senakafernando >>>>> >>>>> *Lean . Enterprise . Middleware >>>>> >>>> >>>> >>>> _______________________________________________ >>>> Dev mailing list >>>> [email protected] >>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>> >>>> >>> >>> >>> -- >>> Thanks & Regards, >>> Prabath >>> >>> Mobile : +94 71 809 6732 >>> >>> http://blog.facilelogin.com >>> http://RampartFAQ.com >>> >> >> > > > -- > Thanks & Regards, > Prabath > > Mobile : +94 71 809 6732 > > http://blog.facilelogin.com > http://RampartFAQ.com >
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
