Hi All,

Instead of switching to OAuth2TokenValidationService, we'll be sticking with APIKeyValidationService.

On Mon, Sep 15, 2014 at 5:07 PM, Amila De Silva <[email protected]> wrote:

> Hi,
>
> As a part of decoupling Authorization Server from API Manager, the
> capability should be provided to customise the token validation step. Since the
> OAuth2TokenValidationService, defined in the org.wso2.carbon.identity.oauth2
> component, already supports executing additional validation steps, this
> service will be used for validating tokens for API invocations in future.
>
> Before using this service, certain changes need to be done:
>
> 1. The existing service for Key Validation returns certain details such as
> subscriber, Application Tier, subscribed Tier, API Owner which are used to
> throttle API calls and to publish statistics. If we are to pass these
> details when using OAuth2TokenValidationService, the response DTO
> (OAuth2TokenValidationResponseDTO) should be modified to pass custom
> attributes.
>
> 2. OAuth2TokenValidationService has two operations - validate and
> findOAuthConsumerIfTokenIsValid. The latter retrieves a token stored in the
> IDN_OAUTH2_ACCESS_TOKEN table and verifies if it's obtained for a
> registered client App. The validate operation calls this method before sending
> the response. This behaviour too needs to be changed because, when using an
> external Authorization Server, the token will not be stored on our side.
>
> --
> *Amila De Silva*
>
> WSO2 Inc.
> mobile :(+94) 775119302

--
*Amila De Silva*

WSO2 Inc.
mobile :(+94) 775119302
