Hi All,

When an access token, ID token, auth code or OpenID token is requested, it will go through the AuthorizationHandlerManager [1] class to authorize the client. There are three authorization steps [2].

1. The first check is the isAuthorized check. Here it checks whether it is requesting a token or a code, and according to that it will check whether the implicit or code grant type is allowed for the application and returns true or false. [3]
2. The second check is the validateAccessDelegation check. Here also it checks the request type, checks the allowance of the implicit or code grant type, and returns true or false. [4]
3. The third is scope validation.

So according to this analysis, both check #1 and check #2 are doing the same thing, and I don't see a way of check #1 passing and check #2 failing. Please correct me if I am wrong. If this is correct, shall we do the necessary adjustment to reduce the complexity of the code?

[1] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/AuthorizationHandlerManager.java
[2] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/AuthorizationHandlerManager.java#L100-L123
[3] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/handlers/AbstractResponseTypeHandler.java#L128-L165
[4] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/handlers/AbstractResponseTypeHandler.java#L66-L104

Thanks & Regards
Danushka Fernando
Associate Tech Lead
WSO2 inc. http://wso2.com/
Mobile : +94716332729
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
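To make the comparison in the mail concrete, the following is an added model of the response-type-to-grant-type check, written for this page; it is not WSO2 code and does not use the project's API. The names `Client`, `required_grant_types`, `is_authorized`, `validate_access_delegation` and `find_disagreement` are mine, and the mapping it assumes is the RFC 6749 / OIDC one: `code` requires the authorization_code grant, `token` and `id_token` require the implicit grant, and a hybrid value such as `code id_token` requires both. Check #2 is deliberately written in a different style from check #1 so that `find_disagreement` can exhaustively confirm that the two predicates never differ for any client registration and any response_type.

```python
"""Model of the two authorization checks discussed in the mail.

Added example, not WSO2 code. Assumptions (mine): a client is registered with a
set of allowed grant types, and response_type values follow RFC 6749 plus the
OIDC multiple-response-type combinations.
"""
from dataclasses import dataclass
from itertools import chain, combinations

AUTH_CODE = "authorization_code"
IMPLICIT = "implicit"
ALL_GRANTS = (AUTH_CODE, IMPLICIT)

# Constructed sample response_type values: RFC 6749 core plus OIDC hybrid flows.
RESPONSE_TYPES = (
    "code", "token", "id_token", "id_token token",
    "code id_token", "code token", "code id_token token",
)


@dataclass(frozen=True)
class Client:
    """A registered OAuth client and the grant types it may use (assumed model)."""
    client_id: str
    allowed_grant_types: frozenset


def required_grant_types(response_type: str) -> frozenset:
    """Map a space-separated response_type to the grant types the client must
    be allowed to use. Unknown values raise instead of silently passing."""
    needed = set()
    for part in response_type.split():
        if part == "code":
            needed.add(AUTH_CODE)
        elif part in ("token", "id_token"):
            needed.add(IMPLICIT)
        else:
            raise ValueError(f"unsupported response_type value: {part!r}")
    if not needed:
        raise ValueError("empty response_type")
    return frozenset(needed)


def is_authorized(client: Client, response_type: str) -> bool:
    """Check #1: every grant type implied by response_type is enabled for the client."""
    return required_grant_types(response_type) <= client.allowed_grant_types


def validate_access_delegation(client: Client, response_type: str) -> bool:
    """Check #2: same question, written as an explicit loop to mirror a second
    implementation of the same rule."""
    for grant in required_grant_types(response_type):
        if grant not in client.allowed_grant_types:
            return False
    return True


def find_disagreement():
    """Enumerate every subset of grant types a client could be registered with
    against every sample response_type; return the first (client, response_type)
    where check #1 and check #2 differ, or None if they always agree."""
    subsets = chain.from_iterable(
        combinations(ALL_GRANTS, n) for n in range(len(ALL_GRANTS) + 1)
    )
    for subset in subsets:
        client = Client("app", frozenset(subset))
        for response_type in RESPONSE_TYPES:
            if is_authorized(client, response_type) != validate_access_delegation(client, response_type):
                return client, response_type
    return None


if __name__ == "__main__":
    # A client registered only for authorization_code must not get an implicit token.
    code_only = Client("spa", frozenset({AUTH_CODE}))
    print(is_authorized(code_only, "token"))        # False
    print(is_authorized(code_only, "code token"))   # False: hybrid needs both grants
    print(find_disagreement())                      # None: the two checks never differ
```

The security-relevant point the model makes explicit is the hybrid case: a response_type that asks for both a code and a token must be refused unless both grant types are enabled, otherwise an application registered for the code flow alone could be handed an implicit-flow token.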
