On Tue, Jan 15, 2013 at 7:27 PM, Sriragu Arudsothy <[email protected]> wrote:
> Hi..!
>
> I have found some useful samples. After I went through them I think I can generate the access token using the [client id, secret, username, pwd]. Also we can validate the access token to proceed or give an error message.
>
> After we installed the OAuth feature through the feature manager, we were able to get the client id, secret, access endpoint and authorize endpoint values. But the access token is created by using the above parameters. Therefore we are able to provide an access token.
>
> If we generated the access token inside the code, how can we expose it to the user, so that only then he/she can use the token to send the REST calls?

In this case the user will be authenticated (with uname/pwd) to the registry/provider so then a token will be returned. Then that token will be used afterwards (given the authorizations to access resources for that user). So I think we don't need a functionality (API) to expose the token here? Or we can use the token which can be generated by the OAuth feature for the REST app for that particular user (in UI)? This I think is not necessary as the user of the REST API needs to be authenticated to the registry/provider anyway?

Regards,
Vijitha.

> Any ideas?
>
> Thanks!
> Ragu
>
> On Mon, Jan 14, 2013 at 10:51 PM, Sriragu Arudsothy <[email protected]> wrote:
>
>> Yes of course, pls let me know the time/venue.
>>
>> Thanks!
>> Ragu
>>
>> On Mon, Jan 14, 2013 at 10:24 PM, Prabath Siriwardena <[email protected]> wrote:
>>
>>> Hi Ragu,
>>>
>>> Shall we chat on this tomorrow...
>>>
>>> Thanks & regards,
>>> -Prabath
>>>
>>> On Mon, Jan 14, 2013 at 8:34 PM, Sriragu Arudsothy <[email protected]> wrote:
>>>
>>>> Hi!
>>>>
>>>> As you said, I have to write a handler that should extract the bearer token which is passed with the HTTP header with the request.
>>>>
>>>> The header format will be similar to [Authorization: Bearer wU62DjlyDBnq87GlBwplfqvmAbAa]. "wU62DjlyDBnq87GlBwplfqvmAbAa" is, as the API manager documentation says, the API key. The API key is generated from the API manager console when the user subscribes to the specific API. The subscriber panel displays these values.
>>>>
>>>> From the API manager doc: "The generated keys, namely an access token, a consumer key and a consumer secret".
>>>>
>>>> My question is: when I make a call from the REST client, what value do I need to pass in the HTTP header as the bearer token? Something like the API key, which uniquely identifies the subscribed APIs; I want to pass some key that uniquely identifies the user and enables CRUD operations on his resources.
>>>>
>>>> Please excuse me if I am misunderstanding; if so let me know the right way..!
>>>>
>>>> Thanks!
>>>> Ragu
>>>>
>>>> On Mon, Jan 14, 2013 at 1:56 PM, Prabath Siriwardena <[email protected]> wrote:
>>>>
>>>>> On Sun, Jan 13, 2013 at 11:36 PM, Sriragu Arudsothy <[email protected]> wrote:
>>>>>
>>>>>> Hi Senaka..!
>>>>>>
>>>>>> OAuth 2.0 provides 4 types of authentication grant type. All four grant types require the client id/client secret at least. The OAuthTokenValidationService requires either client id/client secret or username/pwd with client secret, depending on the OAuth grant type. If we are able to pass the access token with REST calls then we are done.
>>>>>
>>>>> You are acting as the resource server - so you need not worry about any of the grant types...
>>>>>
>>>>> Thanks & regards,
>>>>> -Prabath
>>>>>
>>>>>> 1) I asked the IS guys over the chat whether it is possible to generate the access token with the user name/pwd. They do not have the answer for that. They said there may be a way to create an access token through the OAuthAdminService. Bz in Greg, we have users with user credentials. We don't have any concept called client ID/client secret.
>>>>>>
>>>>>> 2) When we request from the REST client we need to pass the user credentials with the resource URI. The user is then authenticated and access is carried out or denied. Therefore the OAuth access tokens are valid for a short period. Therefore it is better to authenticate for each and every request. This is the way I am thinking to proceed. Bz still unclear about the authentication using username/pwd with OAuth 2.0.
>>>>>>
>>>>>> WDYT?
>>>>>>
>>>>>> http://blog.facilelogin.com/2012/08/wso2-oauth-20-playground-with-wso2.html
>>>>>> http://blog.facilelogin.com/2012/06/oauth-20-integration-patterns-with.html
>>>>>>
>>>>>> The above links explain.
>>>>>>
>>>>>> Regards,
>>>>>> Ragu
>>>>>>
>>>>>> On Sun, Jan 13, 2013 at 9:35 PM, Senaka Fernando <[email protected]> wrote:
>>>>>>
>>>>>>> Hi Ragu,
>>>>>>>
>>>>>>> While I'm unable to provide the best answer for #2 right away without doing some research into how OAuth 2.0 is implemented in our platform, for #1, you definitely can and must use the component and not IS for the REST API implementation in G-Reg. Also, please validate that the features that you will be using in the process include a minimum number of jars to provide the required OAuth 2.0 functionality.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Senaka.
>>>>>>>
>>>>>>> On Sun, Jan 13, 2013 at 8:44 AM, Sriragu Arudsothy <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> When invoking the REST calls to access the resources or resource related properties, the request has to be authenticated against the user credentials using OAuth 2.0. It is a JAX web app running on G-Reg. Currently it works without the OAuth mechanism. I went through, to some extent, how OAuth is working on IS.
>>>>>>>>
>>>>>>>> 1) Is OAuth an adaptable component for G-Reg? Or do I need to run the IS?
>>>>>>>>
>>>>>>>> 2) If OAuth is a separate component, then how can I integrate it with my problem?
>>>>>>>>
>>>>>>>> Your thoughts are welcome on how I need to approach this.
>>>>>>>>
>>>>>>>> Thanks!
>>>>>>>> Sriragu
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Dev mailing list
>>>>>>>> [email protected]
>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>>
>>>>>>> --
>>>>>>> Senaka Fernando
>>>>>>> Member - Integration Technologies Management Committee; Technical Lead; WSO2 Inc.; http://wso2.com
>>>>>>> Member; Apache Software Foundation; http://apache.org
>>>>>>> E-mail: senaka AT wso2.com
>>>>>>> P: +1 408 754 7388; ext: 51736; M: +94 77 322 1818
>>>>>>> Linked-In: http://linkedin.com/in/senakafernando
>>>>>>> Lean . Enterprise . Middleware
>>>>>
>>>>> --
>>>>> Thanks & Regards,
>>>>> Prabath
>>>>>
>>>>> Mobile : +94 71 809 6732
>>>>>
>>>>> http://blog.facilelogin.com
>>>>> http://RampartFAQ.com

--
Vijitha Kumara
Senior Software Engineer; WSO2, Inc.; http://wso2.com/
email: [email protected]
Lean . Enterprise . Middleware
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
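The thread settles on the resource-server role: the REST app never issues tokens, it only has to pull the bearer token out of the `Authorization` header and ask the provider whether it is still valid. The Python below is an added example of that handler logic and is not code from this thread, from WSO2, or from G-Reg. The `TokenStore` class is a hypothetical stand-in for the provider's token validation service, the realm name is assumed, and the tokens, users and scopes in `build_sample_store` are constructed for the example.

```python
"""Resource-server side of OAuth 2.0 bearer-token handling (RFC 6750).

Added example (not WSO2/G-Reg code): extract the token from
`Authorization: Bearer <token>`, validate it against a stand-in token
store, and produce the RFC 6750 challenge/error responses.
"""
import hmac
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# RFC 6750 section 2.1: credentials = "Bearer" 1*SP b64token, with
# b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"=".
# The scheme name is matched case-insensitively (RFC 7235 section 2.1).
_BEARER_RE = re.compile(r"^Bearer +([A-Za-z0-9\-._~+/]+=*)$", re.IGNORECASE)


def extract_bearer_token(headers: Dict[str, str]) -> Optional[str]:
    """Return the token from `Authorization: Bearer <token>`, or None when the
    header is missing, uses another scheme (e.g. Basic) or is malformed."""
    auth = headers.get("Authorization")
    if auth is None:
        return None
    match = _BEARER_RE.match(auth.strip())
    return match.group(1) if match else None


@dataclass(frozen=True)
class TokenInfo:
    """What a validation service reports about an issued token (constructed)."""
    user: str
    scope: str        # space-separated scope values
    expires_at: int   # Unix time at which the token stops being valid


class TokenStore:
    """Hypothetical stand-in for the provider's token validation service.
    A real resource server would call the provider instead of holding tokens."""

    def __init__(self, tokens: Dict[str, TokenInfo]):
        self._tokens = tokens

    def lookup(self, presented: str) -> Optional[TokenInfo]:
        # Compare against every issued token with a constant-time comparison and
        # no early exit, so response timing does not depend on how much of a
        # guessed token happened to match.
        found = None
        for issued, info in self._tokens.items():
            if hmac.compare_digest(issued.encode(), presented.encode()):
                found = info
        return found


REALM = "registry"  # assumed realm name for the WWW-Authenticate challenge


def authorize_request(headers: Dict[str, str], store: TokenStore, now: int,
                      required_scope: Optional[str] = None
                      ) -> Tuple[int, Dict[str, str], Optional[str]]:
    """Decide whether a request may proceed.

    Returns (HTTP status, response headers, authenticated user or None).
    The 401/403 responses follow RFC 6750 section 3: a request carrying no
    usable credentials gets a bare challenge, a rejected or expired token gets
    error="invalid_token", and a valid token lacking the needed scope gets
    403 with error="insufficient_scope"."""
    token = extract_bearer_token(headers)
    if token is None:
        return 401, {"WWW-Authenticate": f'Bearer realm="{REALM}"'}, None
    info = store.lookup(token)
    if info is None or info.expires_at <= now:
        return (401,
                {"WWW-Authenticate": f'Bearer realm="{REALM}", error="invalid_token"'},
                None)
    if required_scope is not None and required_scope not in info.scope.split():
        challenge = (f'Bearer realm="{REALM}", error="insufficient_scope", '
                     f'scope="{required_scope}"')
        return 403, {"WWW-Authenticate": challenge}, None
    return 200, {}, info.user


# Constructed sample data: placeholder tokens, not credentials issued by any
# real provider.
READ_ONLY_TOKEN = "c0nstructedReadOnlyToken01"
READ_WRITE_TOKEN = "c0nstructedReadWriteToken02"
EXPIRED_TOKEN = "c0nstructedExpiredToken03"


def build_sample_store() -> TokenStore:
    return TokenStore({
        READ_ONLY_TOKEN: TokenInfo("alice", "registry:read", expires_at=2000),
        READ_WRITE_TOKEN: TokenInfo("bob", "registry:read registry:write", expires_at=2000),
        EXPIRED_TOKEN: TokenInfo("carol", "registry:read registry:write", expires_at=500),
    })


if __name__ == "__main__":
    store = build_sample_store()
    for hdrs in ({}, {"Authorization": "Basic dXNlcjpwYXNz"},
                 {"Authorization": "Bearer " + READ_ONLY_TOKEN},
                 {"Authorization": "Bearer " + EXPIRED_TOKEN}):
        print(hdrs, "->", authorize_request(hdrs, store, now=1000,
                                            required_scope="registry:write"))
```

Two details worth keeping when porting this into the JAX web app: a request with no `Bearer` credentials at all gets a challenge without an error code, whereas a token the provider rejects or that has expired gets `error="invalid_token"`, which is what a client needs in order to know it should fetch a fresh token rather than retry; and the scheme check deliberately rejects `Basic` and other schemes instead of falling back to username/password, so the per-request authentication path stays the token validation the thread describes.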
