On Tue, Nov 14, 2017 at 2:48 PM, Thilina Madumal <[email protected]> wrote:
> Hi Devs, > > Recently I have started implementing an oauth2-proxy client for Single > Page Applications to be used as the proxy for securing resource access > using OAuth2. > > During that, I wanted to validate the access token. In the documentation, > I found that it can be achieved using introspection endpoint [1]. There the > given curl commands use Basic Authorization to access the introspection > endpoint. > > As I research further I found [2] where it describes 3 methods on > authenticating and authorizing to REST-APIs in IS. > IMO it would be more convenient if there were a link between these [1] and > [2]. WDYT? > Not only introspection this is common to any REST API exposed by Identity Server. +1 for having a link to [2]. > > Highly appreciate if someone could point me a sample implementation where > ClientCertificateBasedAuthentication is used for authentication and > authorization for IS REST APIs. > If this is about client side implementation you can try it from some tool like SOAPUI. > > Also in the documentation giving a sample implementations for all the > default methods described in [2] would be helpful for both the end-users > and the community. > > [1] https://docs.wso2.com/display/IS530/Invoke+the+ > OAuth+Introspection+Endpoint > [2] https://docs.wso2.com/display/IS530/Authenticating+ > and+Authorizing+REST+APIs > > Best, > Thilina > -- > *Thilina Madumal* > *Software Engineer | **WSO2* > Email: [email protected] > Mobile: *+ <+94%2077%20767%201807>94 774553167* > Web: <http://goog_716986954>http://wso2.com > > <http://wso2.com/signature> > > -- Gayan Gunawardana Senior Software Engineer; WSO2 Inc.; http://wso2.com/ Email: [email protected] Mobile: +94 (71) 8020933
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
