Hi,

Following are the changes done up to now on the Gateway, as a part of decoupling AS from API Manager.

1. Using OAuth2TokenValidationService to validate Access Tokens

   a. APIMgtTokenValidator is the default implementation provided for OAuth2TokenValidator, which only overrides the validateScope and validateAccessToken methods. All the sub-steps related to token validation will have to be performed in the validateAccessToken method.

   b. To make a clear distinction between the different steps involved in token validation, a second Handler - KeyValidationHandler - has been introduced. This is an interface having the methods validateToken(), validateSubscription(), validateScopes() and generateConsumerToken(). This will be the interface developers have to extend when plugging in an external Authorization Server. APIMgtTokenValidator will execute all the methods defined in KeyValidationHandler inside its validateAccessToken method.

2. Modifying OAuth2TokenValidationResponseDTO to pass an Array of Name Value pairs

   Gateway relies on several parameters like Application Name, Application Tier, API Tier to throttle API Calls and publish statistics. APIKeyValidationInfoDTO, which is being used now, has separate fields to represent these parameters. When switching to OAuth2TokenValidationService, we'll have to use OAuth2TokenValidationResponseDTO and then these parameters will be passed as an array of custom name value pairs.

3. Adding Util methods to convert APIKeyValidationInfoDTO

   For their internal operations, Gateway and KeyManager use APIKeyValidationInfoDTO objects. It is these types of objects that are kept in the KeyManager and Gateway caches, it is the same type that is passed across different methods when validating keys and JWTs, and this used to be the type returned when calling the validateKey method in APIKeyValidationService. But when switching to OAuth2TokenValidationService, since the response it returns is an OAuth2TokenValidationResponseDTO, several util methods were added to convert APIKeyValidationInfoDTO to OAuth2TokenValidationResponseDTO and vice versa.

Will provide some sequence diagrams illustrating the flow for a key validation call.

--
*Amila De Silva*
WSO2 Inc.
mobile: (+94) 775119302
_______________________________________________
Dev mailing list
http://wso2.org/cgi-bin/mailman/listinfo/dev
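
The flow described in points 1 to 3 of the mail, as an added example that is not part of the original message and is not WSO2 code. `KeyInfo`, the method signatures, the step order, the pair names and the sample values are all assumptions made for illustration; the conversion back from name/value pairs rejects the call when a throttling parameter is missing.

```java
import java.util.*;
public class KeyValidationSketch { // stand-in types for this example, not the WSO2 classes
    static class KeyInfo { boolean authorized; String applicationName, applicationTier, apiTier; }
    interface KeyValidationHandler { // the four steps named in the mail; signatures assumed
        boolean validateToken(String token, KeyInfo info);
        boolean validateSubscription(String apiContext, KeyInfo info);
        boolean validateScopes(String resource, KeyInfo info);
        boolean generateConsumerToken(KeyInfo info);
    }
    // Runs the steps in order; && stops at the first failure (the order is assumed).
    static KeyInfo validateAccessToken(KeyValidationHandler h, String token, String api, String res) {
        KeyInfo info = new KeyInfo();
        info.authorized = h.validateToken(token, info) && h.validateSubscription(api, info)
                && h.validateScopes(res, info) && h.generateConsumerToken(info);
        return info;
    }
    // KeyInfo -> name/value pairs, the form the response DTO would carry.
    static Map<String, String> toPairs(KeyInfo i) {
        Map<String, String> p = new LinkedHashMap<>();
        p.put("applicationName", i.applicationName);
        p.put("applicationTier", i.applicationTier);
        p.put("apiTier", i.apiTier);
        return p;
    }
    // Pairs -> KeyInfo; a missing throttling parameter rejects the call, no tier is left unset.
    static KeyInfo fromPairs(boolean valid, Map<String, String> p) {
        KeyInfo i = new KeyInfo();
        i.applicationName = p.get("applicationName");
        i.applicationTier = p.get("applicationTier");
        i.apiTier = p.get("apiTier");
        i.authorized = valid && i.applicationName != null && i.applicationTier != null && i.apiTier != null;
        return i;
    }
    public static void main(String[] args) {
        KeyValidationHandler h = new KeyValidationHandler() { // constructed sample handler
            public boolean validateToken(String t, KeyInfo i) { return "tok-1".equals(t); }
            public boolean validateSubscription(String c, KeyInfo i) {
                i.applicationName = "DemoApp"; i.applicationTier = "Gold"; i.apiTier = "Silver";
                return "/orders".equals(c);
            }
            public boolean validateScopes(String r, KeyInfo i) { return true; }
            public boolean generateConsumerToken(KeyInfo i) { return true; }
        };
        KeyInfo ok = validateAccessToken(h, "tok-1", "/orders", "GET");
        Map<String, String> pairs = toPairs(ok);
        System.out.println(fromPairs(ok.authorized, pairs).authorized);
        pairs.remove("apiTier"); // simulate a parameter lost in transit
        System.out.println(fromPairs(ok.authorized, pairs).authorized);
    }
}
```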
