Hai..!
I have found some useful samples. After I went through I think I
can generate the Access token using the [client id, secret, username, pwd].
Also we can validate the access token to proceed or give an error message.
After we installed the OAuth feature through the feature manager, we were
able to get the clientid, secret, access endpoint, authorize endpoint
values. But the access token is created by using the above parameters.
Therefore we are able to provide an access token.
If we generated the access token inside the code, how can we expose it to
the user then only he/she can use the token to send the REST calls?
Any ideas ?
Thanks!
Ragu
On Mon, Jan 14, 2013 at 10:51 PM, Sriragu Arudsothy <[email protected]> wrote:
> yes of course, pls let me know the time/venue.
>
> Thanks!
> Ragu
>
>
> On Mon, Jan 14, 2013 at 10:24 PM, Prabath Siriwardena <[email protected]> wrote:
>
>> Hi Ragu,
>>
>> Shall we chat on this tomorrow...
>>
>> Thanks & regards,
>> -Prabath
>>
>>
>> On Mon, Jan 14, 2013 at 8:34 PM, Sriragu Arudsothy <[email protected]> wrote:
>>
>>> Hai !
>>>
>>> As you said, I have to write a handler that should extract the
>>> bearer token which is passed in the HTTP header with the request.
>>>
>>> The header format will be similar to [Authorization: Bearer
>>> wU62DjlyDBnq87GlBwplfqvmAbAa]. The API manager documentation refers to
>>> "wU62DjlyDBnq87GlBwplfqvmAbAa" as the API key. The API key is
>>> generated from the API manager console when the user subscribes to the
>>> specific API. The subscriber panel displays these values.
>>>
>>> From the API manager doc: "The generated keys, namely an access token,
>>> a consumer key and a consumer secret".
>>>
>>> My question is: when I make a call from a REST client, what value do I
>>> need to pass in the HTTP header with the bearer token? Something like the
>>> API key, which uniquely identifies the subscribed APIs; I want to pass some
>>> key that uniquely identifies the user and enables CRUD operations on his
>>> resources.
>>>
>>> Please excuse me if I am misunderstanding. If so, let me know the right
>>> way..!
>>>
>>> Thanks!
>>> Ragu
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Mon, Jan 14, 2013 at 1:56 PM, Prabath Siriwardena
>>> <[email protected]> wrote:
>>>
>>>>
>>>>
>>>> On Sun, Jan 13, 2013 at 11:36 PM, Sriragu Arudsothy
>>>> <[email protected]> wrote:
>>>>
>>>>> Hai Senaka..!
>>>>>
>>>>> OAuth 2.0 provides 4 types of authentication grant.
>>>>> All four grant types require the client id/client
>>>>> secret at least. The OAuthTokenValidationService requires either client
>>>>> id/client secret or username/pwd with client secret, depending on the
>>>>> OAuth grant type. If we are able to pass the access token with REST calls
>>>>> then we are done.
>>>>>
>>>>
>>>> You are acting as the resource server - so you need not worry about
>>>> any of the grant types...
>>>>
>>>> Thanks & regards,
>>>> -Prabath
>>>>
>>>>
>>>>>
>>>>> 1) I asked the IS guys over chat whether it is possible to generate the
>>>>> access token with the user name/pwd. They do not have the answer
>>>>> for that. They said there may be a way to create an access token through
>>>>> the OAuthAdminService. Because in G-Reg, we have users with user
>>>>> credentials. We don't have any concept called client ID/client secret.
>>>>>
>>>>> 2) When we request from the REST client we need to pass the user
>>>>> credentials with the resource URI. The user is then authenticated and
>>>>> access is carried out or denied. Therefore the OAuth access tokens are
>>>>> valid for a short period. Therefore it is better to authenticate for each
>>>>> and every request. This is the way I am thinking to proceed. Because I am
>>>>> still unclear about the authentication using username/pwd with OAuth 2.0.
>>>>>
>>>>> WDYT?
>>>>>
>>>>>
>>>>> http://blog.facilelogin.com/2012/08/wso2-oauth-20-playground-with-wso2.html
>>>>>
>>>>> http://blog.facilelogin.com/2012/06/oauth-20-integration-patterns-with.html
>>>>>
>>>>> The above links explain.
>>>>>
>>>>> Regards,
>>>>> Ragu
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Sun, Jan 13, 2013 at 9:35 PM, Senaka Fernando <[email protected]> wrote:
>>>>>
>>>>>> Hi Ragu,
>>>>>>
>>>>>> While I'm unable to provide the best answer for #2 right away without
>>>>>> doing some research into how OAuth 2.0 is implemented in our platform,
>>>>>> for #1, you definitely can and must use the component and not IS for the
>>>>>> REST API implementation in G-Reg. Also, please validate that the features
>>>>>> that you will be using in the process include a minimum number of jars to
>>>>>> provide the required OAuth 2.0 functionality.
>>>>>>
>>>>>> Thanks,
>>>>>> Senaka.
>>>>>>
>>>>>> On Sun, Jan 13, 2013 at 8:44 AM, Sriragu Arudsothy
>>>>>> <[email protected]> wrote:
>>>>>>
>>>>>>> Hai ,
>>>>>>>
>>>>>>> When invoking the REST calls to access the resources or
>>>>>>> resource-related properties, the request has to be authenticated against
>>>>>>> the user credentials using OAuth 2.0. It is a jax web app running on
>>>>>>> G-Reg. Currently it works without the OAuth mechanism. I went through, to
>>>>>>> some extent, how OAuth is working on IS.
>>>>>>>
>>>>>>> 1) Is OAuth a component that is adaptable to G-Reg, or do I need
>>>>>>> to run the IS?
>>>>>>>
>>>>>>> 2) If OAuth is a separate component, then how can I integrate it into my
>>>>>>> problem?
>>>>>>>
>>>>>>> Your thoughts are welcome on how I need to approach this.
>>>>>>>
>>>>>>> Thanks!
>>>>>>> Sriragu
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Dev mailing list
>>>>>>> [email protected]
>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Senaka Fernando
>>>>>> Member - Integration Technologies Management Committee;
>>>>>> Technical Lead; WSO2 Inc.; http://wso2.com
>>>>>> Member; Apache Software Foundation; http://apache.org
>>>>>>
>>>>>> E-mail: senaka AT wso2.com
>>>>>> P: +1 408 754 7388; ext: 51736; M: +94 77 322 1818
>>>>>> Linked-In: http://linkedin.com/in/senakafernando
>>>>>>
>>>>>> Lean . Enterprise . Middleware
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Thanks & Regards,
>>>> Prabath
>>>>
>>>> Mobile : +94 71 809 6732
>>>>
>>>> http://blog.facilelogin.com
>>>> http://RampartFAQ.com
>>>>
>>>
>>>
>>
>>
>>
>
>
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
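
The resource-server handler discussed in this thread (extract the bearer token from the Authorization header, then resolve it to a user), as an added Java example that is not part of the original e-mails and is not WSO2 code. The in-memory map, the TokenInfo class and the user name are hypothetical stand-ins for whatever token validation service is actually used; the token string is the sample value quoted in the thread.

```java
import java.time.Instant;
import java.util.Map;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Resource-server side check: extract the bearer token, then resolve it to a user. */
public class BearerTokenHandler {
    // RFC 6750 section 2.1: "Bearer" 1*SP b64token; the scheme name is case-insensitive.
    private static final Pattern BEARER =
            Pattern.compile("^Bearer +([A-Za-z0-9\\-._~+/]+=*)$", Pattern.CASE_INSENSITIVE);

    /** Hypothetical record of an issued token: its owner and its expiry time. */
    public static final class TokenInfo {
        final String username;
        final Instant expiresAt;
        public TokenInfo(String username, Instant expiresAt) {
            this.username = username;
            this.expiresAt = expiresAt;
        }
    }

    private final Map<String, TokenInfo> issued; // stand-in for the real validation service

    public BearerTokenHandler(Map<String, TokenInfo> issued) { this.issued = issued; }

    /** Returns the token from an Authorization header value, or empty if malformed. */
    public static Optional<String> extractToken(String headerValue) {
        if (headerValue == null) return Optional.empty();
        Matcher m = BEARER.matcher(headerValue.trim());
        return m.matches() ? Optional.of(m.group(1)) : Optional.empty();
    }

    /** Returns the authenticated user name, or empty when the request must get a 401. */
    public Optional<String> authenticate(String headerValue, Instant now) {
        return extractToken(headerValue)
                .map(issued::get)                         // unknown token maps to empty
                .filter(info -> now.isBefore(info.expiresAt))
                .map(info -> info.username);
    }

    public static void main(String[] args) {
        Instant now = Instant.now();
        // Constructed sample data for the three cases: valid, expired, wrong scheme.
        BearerTokenHandler h = new BearerTokenHandler(Map.of(
                "wU62DjlyDBnq87GlBwplfqvmAbAa", new TokenInfo("ragu", now.plusSeconds(3600)),
                "expiredTokenExample", new TokenInfo("ragu", now.minusSeconds(60))));
        System.out.println(h.authenticate("Bearer wU62DjlyDBnq87GlBwplfqvmAbAa", now));
        System.out.println(h.authenticate("bearer expiredTokenExample", now));
        System.out.println(h.authenticate("Basic cmFndTpwd2Q=", now));
    }
}
```

The resource server never sees the client id, client secret or password here; it only maps the presented token to the user it was issued for and rejects anything malformed, unknown or expired.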