On Thu, Nov 2, 2017 at 9:37 PM Danushka Fernando <danush...@wso2.com> wrote:

> @Isura
> Thanks for pointing out. But still there is a dead code there which will
> never get triggered right? Shall we refactor that code?
>
+1

@Nuwandi,
Can you work on this refactoring?

Thanks
Isura.

>
> Thanks & Regards
> Danushka Fernando
> Associate Tech Lead
> WSO2 inc. http://wso2.com/
> Mobile : +94716332729
>
> On Thu, Nov 2, 2017 at 9:08 PM, Isura Karunaratne <is...@wso2.com> wrote:
>
>> Hi Danushka,
>>
>> Other than the responseType validation, the *validateAccessDelegation* method does
>> the OAuth callback handler invocation. The OAuth callback handler is an
>> extension point that can be used to validate the access based on
>>
>>    - AuthenticatedUser
>>    - Consumer Key
>>    - Scopes
>>    - ResponseType
>>
>>
>> We can register new CallBackHandlers based on the requirements and
>> configure it in identity.xml file
>>
>>   <OAuthCallbackHandlers>
>>             <OAuthCallbackHandler
>> Class="org.wso2.carbon.identity.oauth.callback.DefaultCallbackHandler"/>
>>         </OAuthCallbackHandlers>
>>
>> Thanks
>> Isura.
>>
>> On Thu, Nov 2, 2017 at 2:54 PM, Danushka Fernando <danush...@wso2.com>
>> wrote:
>>
>>> Hi All
>>> When access token, id token, auth code or open id token is requested, it
>>> will go through AuthorizationHandlerManager[1] class to authorize the
>>> client. There are three authorization steps [2].
>>>
>>>    1. First check is isAuthorized check. Here it checks whether it's
>>>    requesting a token or a code and according to that it will check implicit
>>>    or code grant types are allowed for the application and returns true or
>>>    false.[3]
>>>    2. Second check is validateAccessDelegation check. Here also it
>>>    checks the request type and will check allowance of implicit or code grant
>>>    types and returns true or false.[4]
>>>    3. Third is scope validation
>>>
>>> So according to this analysis both check #1 and #2 are doing the same
>>> thing and I don't see a way of check #1 getting passed and check #2 getting
>>> failed. Please correct me if I am wrong.
>>>
>>> If this is correct shall we do the necessary adjustment to reduce the
>>> complexity of the code?
>>>
>>>
>>> [1]
>>> https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/AuthorizationHandlerManager.java
>>> [2]
>>> https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/AuthorizationHandlerManager.java#L100-L123
>>> [3]
>>> https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/handlers/AbstractResponseTypeHandler.java#L128-L165
>>> [4]
>>> https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/handlers/AbstractResponseTypeHandler.java#L66-L104
>>>
>>>
>>> Thanks & Regards
>>> Danushka Fernando
>>> Associate Tech Lead
>>> WSO2 inc. http://wso2.com/
>>> Mobile : +94716332729
>>>
>>
>>
>>
>> --
>>
>> *Isura Dilhara Karunaratne*
>> Associate Technical Lead | WSO2
>> Email: is...@wso2.com
>> Mob : +94 772 254 810
>> Blog : http://isurad.blogspot.com/
>>
>>
>>
>>
--

*Isura Dilhara Karunaratne*
Associate Technical Lead | WSO2
Email: is...@wso2.com
Mob : +94 772 254 810
Blog : http://isurad.blogspot.com/
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
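As an added illustration of the point Isura makes above (that validateAccessDelegation is not dead code because it is where the registered OAuth callback handlers run), here is a custom callback handler that restricts a particular consumer key to one tenant, one response type and a fixed scope set. This is example code written for this thread, not part of the WSO2 code base. It assumes the OAuthCallback API of the time: getClient() returns the consumer key, getAuthorizedUser() returns an AuthenticatedUser, getRequestedScope() returns String[], getResponseType() returns String, getCallbackType() returns the OAuthCallbackType enum with the values ACCESS_DELEGATION_AUTHZ, ACCESS_DELEGATION_TOKEN, SCOPE_VALIDATION_AUTHZ and SCOPE_VALIDATION_TOKEN, and canHandle() may throw IdentityOAuth2Exception. The package name, the consumer key and the policy table are all made up for the example.

```java
package org.example.oauth.callback; // assumed package; not part of the WSO2 code base

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.oauth.callback.AbstractOAuthCallbackHandler;
import org.wso2.carbon.identity.oauth.callback.OAuthCallback;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;

/**
 * Per-client access delegation policy enforced through the OAuth callback extension point.
 * Clients without an entry in POLICIES are not claimed here (canHandle returns false), so they
 * fall through to whatever other handler is registered in identity.xml.
 */
public class RestrictedClientCallbackHandler extends AbstractOAuthCallbackHandler {

    /** Which tenant, response type and scopes a client may use. Constructed sample policy. */
    private static final class ClientPolicy {
        final String tenantDomain;
        final String responseType;
        final Set<String> scopes;

        ClientPolicy(String tenantDomain, String responseType, Set<String> scopes) {
            this.tenantDomain = tenantDomain;
            this.responseType = responseType;
            this.scopes = scopes;
        }
    }

    // consumer key -> policy. Sample data for this example; a real handler would load this
    // from configuration. The consumer key below is hypothetical.
    private static final Map<String, ClientPolicy> POLICIES = new HashMap<>();

    static {
        POLICIES.put("sample_consumer_key", new ClientPolicy("carbon.super", "code",
                new HashSet<>(Arrays.asList("openid", "profile"))));
    }

    @Override
    public boolean canHandle(Callback[] callbacks) throws IdentityOAuth2Exception {
        if (callbacks == null || callbacks.length == 0 || !(callbacks[0] instanceof OAuthCallback)) {
            return false;
        }
        return POLICIES.containsKey(((OAuthCallback) callbacks[0]).getClient());
    }

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        OAuthCallback cb = (OAuthCallback) callbacks[0];
        ClientPolicy policy = POLICIES.get(cb.getClient());
        String[] requested = cb.getRequestedScope() == null ? new String[0] : cb.getRequestedScope();

        switch (cb.getCallbackType()) {
            case ACCESS_DELEGATION_AUTHZ:
                // Authorization endpoint: user, client and response type are all known, so a
                // policy on the response type belongs here.
                cb.setAuthorized(userAllowed(cb.getAuthorizedUser(), policy)
                        && policy.responseType.equals(cb.getResponseType()));
                break;
            case ACCESS_DELEGATION_TOKEN:
                // Token endpoint: no response type, only the already authenticated user.
                cb.setAuthorized(userAllowed(cb.getAuthorizedUser(), policy));
                break;
            case SCOPE_VALIDATION_AUTHZ:
            case SCOPE_VALIDATION_TOKEN:
                // Approve only policy scopes, and reject the request outright if the client
                // asked for anything outside its policy rather than silently narrowing it.
                String[] approved = intersect(requested, policy.scopes);
                cb.setValidScope(approved.length == requested.length);
                cb.setApprovedScope(approved);
                break;
            default:
                throw new UnsupportedCallbackException(cb, "Unhandled OAuth callback type");
        }
    }

    private static boolean userAllowed(AuthenticatedUser user, ClientPolicy policy) {
        return user != null && policy.tenantDomain.equalsIgnoreCase(user.getTenantDomain());
    }

    private static String[] intersect(String[] requested, Set<String> allowed) {
        List<String> kept = new ArrayList<>();
        for (String s : requested) {
            if (allowed.contains(s)) {
                kept.add(s);
            }
        }
        return kept.toArray(new String[0]);
    }
}
```

To activate it, point the Class attribute of an <OAuthCallbackHandler> element in identity.xml (the block Isura quotes above) at this class. If DefaultCallbackHandler stays registered as well, check which handler the registry consults first in your version, since the default handler's canHandle() accepts every callback and would otherwise short-circuit this one.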
