We need to secure recovery APIs and self-registration APIs ( *api/identity/recovery* and *api/identity/user*).
Thanks Isura *Isura Dilhara Karunaratne* Senior Software Engineer | WSO2 Email: [email protected] Mob : +94 772 254 810 Blog : http://isurad.blogspot.com/ On Thu, Oct 20, 2016 at 2:24 AM, Harsha Thirimanna <[email protected]> wrote: > +1 then. We can intergrate later. > But for DCR , we have to fix that because of specification. > > *Harsha Thirimanna* > Associate Tech Lead | WSO2 > > Email: [email protected] > Mob: +94715186770 > Blog: http://harshathirimanna.blogspot.com/ > Twitter: http://twitter.com/harshathirimann > Linked-In: linked-in: http://www.linkedin.com/pub/ > harsha-thirimanna/10/ab8/122 > <http://wso2.com/signature> > > On Thu, Oct 20, 2016 at 1:48 PM, Ishara Karunarathna <[email protected]> > wrote: > >> >> >> On Thu, Oct 20, 2016 at 1:40 PM, Harsha Thirimanna <[email protected]> >> wrote: >> >>> >>> >>> *Harsha Thirimanna* >>> Associate Tech Lead | WSO2 >>> >>> Email: [email protected] >>> Mob: +94715186770 >>> Blog: http://harshathirimanna.blogspot.com/ >>> Twitter: http://twitter.com/harshathirimann >>> Linked-In: linked-in: http://www.linkedin.com/pub/ha >>> rsha-thirimanna/10/ab8/122 >>> <http://wso2.com/signature> >>> >>> On Thu, Oct 20, 2016 at 1:39 PM, Harsha Thirimanna <[email protected]> >>> wrote: >>> >>>> Moving to DEV... >>>> >>>> *Harsha Thirimanna* >>>> Associate Tech Lead | WSO2 >>>> >>>> Email: [email protected] >>>> Mob: +94715186770 >>>> Blog: http://harshathirimanna.blogspot.com/ >>>> Twitter: http://twitter.com/harshathirimann >>>> Linked-In: linked-in: http://www.linkedin.com/pub/ha >>>> rsha-thirimanna/10/ab8/122 >>>> <http://wso2.com/signature> >>>> >>>> On Thu, Oct 20, 2016 at 12:49 PM, Harsha Thirimanna <[email protected]> >>>> wrote: >>>> >>> Hi, >> >> At this point I don't think that its good idea to remove already >> available authentication mechanism and use this instead, for secured APIs >> since those may have some logics those apis need. >> >> Instead only check with the REST APIs that need security. >> WDYT ? >> >> -Ishara >> >>> If there any REST API that already secured within itself the feature, >>>>> then we have to remove it and use this. As ex : DCR. in DCR we expect user >>>>> in request payload for now and that APIs are not secured. After apply this >>>>> we can remove the user from request payload and rely on this. And same as >>>>> we may have to check other REST APIs whether those are rely on any other >>>>> secure mechanism. >>>>> >>>>> @Isura, Can you please confirm in identity management REST API like >>>>> inforecovery ? >>>>> >>>>> @Ayesha, >>>>> Ishara already test the DCR and you can fix that removing user in >>>>> payload, apply this and test. >>>>> >>>>> *Harsha Thirimanna* >>>>> Associate Tech Lead | WSO2 >>>>> >>>>> Email: [email protected] >>>>> Mob: +94715186770 >>>>> Blog: http://harshathirimanna.blogspot.com/ >>>>> Twitter: http://twitter.com/harshathirimann >>>>> Linked-In: linked-in: http://www.linkedin.com/pub/ha >>>>> rsha-thirimanna/10/ab8/122 >>>>> <http://wso2.com/signature> >>>>> >>>>> On Thu, Oct 20, 2016 at 12:34 PM, Ishara Karunarathna < >>>>> [email protected]> wrote: >>>>> >>>>>> Hi Ayesha, >>>>>> >>>>>> This feature provide a authentication layer in front of any unsecured >>>>>> REST APIs. So do we need to test this with all the REST APIs ? >>>>>> >>>>>> -Ishara >>>>>> >>>>>> >>>>>> On Thu, Oct 20, 2016 at 12:05 PM, Ayesha Dissanayaka <[email protected] >>>>>> > wrote: >>>>>> >>>>>>> Hi all, >>>>>>> >>>>>>> I have started testing the"Generic Authentication Mechanism to all >>>>>>> the REST APIs" feature [1] in IS-5.3.0. >>>>>>> Please mention details on REST APIs in IS services which needs to be >>>>>>> secured, so that I can test those APIs with this feature. >>>>>>> >>>>>>> [1] https://wso2.org/jira/browse/IDENTITY-4742 >>>>>>> >>>>>>> Thanks! >>>>>>> -Ayesha >>>>>>> >>>>>>> -- >>>>>>> *Ayesha Dissanayaka* >>>>>>> Software Engineer, >>>>>>> WSO2, Inc : http://wso2.com >>>>>>> <http://www.google.com/url?q=http%3A%2F%2Fwso2.com&sa=D&sntz=1&usg=AFQjCNEZvyc0uMD1HhBaEGCBxs6e9fBObg> >>>>>>> 20, Palmgrove Avenue, Colombo 3 >>>>>>> E-Mail: [email protected] <[email protected]> >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Ishara Karunarathna >>>>>> Associate Technical Lead >>>>>> WSO2 Inc. - lean . enterprise . middleware | wso2.com >>>>>> >>>>>> email: [email protected], blog: isharaaruna.blogspot.com, mobile: >>>>>> +94717996791 >>>>>> >>>>>> >>>>>> >>>>> >>>> >>> >>> _______________________________________________ >>> Dev mailing list >>> [email protected] >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> >> >> >> -- >> Ishara Karunarathna >> Associate Technical Lead >> WSO2 Inc. - lean . enterprise . middleware | wso2.com >> >> email: [email protected], blog: isharaaruna.blogspot.com, mobile: >> +94717996791 >> >> >> > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > >
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
