@Isura Thanks for pointing that out. But there is still dead code there which will never get triggered, right? Shall we refactor that code?

Thanks & Regards
Danushka Fernando
Associate Tech Lead
WSO2 inc. http://wso2.com/
Mobile : +94716332729

On Thu, Nov 2, 2017 at 9:08 PM, Isura Karunaratne <is...@wso2.com> wrote:

> Hi Danushka,
>
> Other than the responseType validation, the *validateAccessDelegation* method
> does the OAuth callback handler invocation. The OAuth callback handler is an
> extension point that can be used to validate the access based on
>
> - AuthenticatedUser
> - Consumer Key
> - Scopes
> - ResponseType
>
> We can register new CallBackHandlers based on the requirements and
> configure them in the identity.xml file
>
> <OAuthCallbackHandlers>
>     <OAuthCallbackHandler Class="org.wso2.carbon.identity.oauth.callback.DefaultCallbackHandler"/>
> </OAuthCallbackHandlers>
>
> Thanks
> Isura.
>
> On Thu, Nov 2, 2017 at 2:54 PM, Danushka Fernando <danush...@wso2.com> wrote:
>
>> Hi All
>> When an access token, id token, auth code or open id token is requested, it
>> will go through the AuthorizationHandlerManager[1] class to authorize the
>> client. There are three authorization steps [2].
>>
>> 1. The first check is the isAuthorized check. Here it checks whether it's
>>    requesting a token or a code and, according to that, it will check whether
>>    implicit or code grant types are allowed for the application and returns
>>    true or false.[3]
>> 2. The second check is the validateAccessDelegation check. Here also it
>>    checks the request type and will check allowance of implicit or code grant
>>    types and returns true or false.[4]
>> 3. The third is scope validation.
>>
>> So according to this analysis both check #1 and #2 are doing the same
>> thing and I don't see a way of check #1 getting passed and check #2 getting
>> failed. Please correct me if I am wrong.
>>
>> If this is correct, shall we do the necessary adjustment to reduce the
>> complexity of the code?
>>
>> [1] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/AuthorizationHandlerManager.java
>> [2] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/AuthorizationHandlerManager.java#L100-L123
>> [3] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/handlers/AbstractResponseTypeHandler.java#L128-L165
>> [4] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/handlers/AbstractResponseTypeHandler.java#L66-L104
>>
>> Thanks & Regards
>> Danushka Fernando
>> Associate Tech Lead
>> WSO2 inc. http://wso2.com/
>> Mobile : +94716332729
>
> --
>
> *Isura Dilhara Karunaratne*
> Associate Technical Lead | WSO2
> Email: is...@wso2.com
> Mob : +94 772 254 810
> Blog : http://isurad.blogspot.com/

_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
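
The two checks and the callback-handler extension point discussed in this thread, as an added Java model that is not part of the original messages and is not the identity-inbound-auth-oauth source. The class, method bodies, handler type and sample values are hypothetical, and the grant-type mapping and the way handlers are chained are simplifying assumptions.

```java
import java.util.List;
import java.util.Set;
import java.util.function.Predicate;

// Simplified model of the flow described in the thread. All names and bodies are
// hypothetical; this is not the WSO2 implementation.
public class AuthzFlowModel {

    // The four inputs the thread says a callback handler can validate against.
    record Request(String user, String consumerKey, Set<String> scopes, String responseType) {}

    // Assumed mapping: "code" needs authorization_code, anything else needs implicit.
    static boolean grantAllowed(Request r, Set<String> appGrantTypes) {
        String needed = "code".equals(r.responseType()) ? "authorization_code" : "implicit";
        return appGrantTypes.contains(needed);
    }

    // Check #1 as described: response type against the application's grant types.
    static boolean isAuthorized(Request r, Set<String> appGrantTypes) {
        return grantAllowed(r, appGrantTypes);
    }

    // Check #2 as described: the same grant-type test, then the registered handlers.
    static boolean validateAccessDelegation(Request r, Set<String> appGrantTypes,
                                            List<Predicate<Request>> handlers) {
        if (!grantAllowed(r, appGrantTypes)) {
            return false; // cannot be reached once check #1 has passed with the same inputs
        }
        return handlers.stream().allMatch(h -> h.test(r)); // a handler can still deny
    }

    public static void main(String[] args) {
        Set<String> grants = Set.of("authorization_code");
        // Constructed sample request.
        Request r = new Request("alice", "constructed-key", Set.of("openid", "admin"), "code");

        // Permissive handler standing in for a default configuration (assumption).
        List<Predicate<Request>> permissive = List.of(req -> true);
        // Constructed custom handler: refuses any request carrying the "admin" scope.
        List<Predicate<Request>> custom = List.of(req -> !req.scopes().contains("admin"));

        System.out.println("check #1: " + isAuthorized(r, grants));
        System.out.println("check #2, permissive handler: " + validateAccessDelegation(r, grants, permissive));
        System.out.println("check #2, custom handler: " + validateAccessDelegation(r, grants, custom));
    }
}
```

In this model the only path on which check #2 differs from check #1 is the handler chain, so a refactor that removes the duplicated grant-type test has to keep the handler invocation intact.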