Hi,

Stratos (a Carbon server) has a web app deployed which consists of some APIs. Users can call the APIs passing username/password each time, or use a session id (created at the first call) for subsequent API calls. One of the APIs needs to call the OAuthAdmin admin service in order to create an OAuth application. However, the problem I face is that the Stratos API may not have the password of the API invoker if he uses the session id (this is the session id created at the Stratos web app) when invoking the API.

One solution is to use the super admin user in user-mgt.xml when invoking the admin service. So whichever user invokes the API, the admin service is invoked via the super admin service.

Another way is to create a session in Carbon at the user's first API call, then keep the Carbon session id in the web app session. However, if the Carbon session id expires while the web app session is still active, the user will have to log in again.

I assume there are better solutions for this kind of problem.

--
Udara Liyanage
Software Engineer
WSO2, Inc.: http://wso2.com
lean. enterprise. middleware
web: http://udaraliyanage.wordpress.com
phone: +94 71 443 6897
