On Tue, Mar 12, 2019 at 7:45 AM Ruwan Abeykoon <[email protected]> wrote:
> Hi Isuranga,
> We can add an additional header to make this authenticator engaged. e.g. [1]
> +1 to use a custom header.
> Better not tie up the authenticator to the hardcoded
> path "INTROSPECTION_URI"
>
> [1]
> https://www.ibm.com/support/knowledgecenter/en/SSMNED_2018/com.ibm.apic.apionprem.doc/oauth_introspection.html
>
> Cheers,
> Ruwan
>
> On Tue, Mar 12, 2019 at 12:30 PM Isuranga Perera <[email protected]>
> wrote:
>
>> Hi all
>>
>> I'm working on the improvement of client authentication for the OAuth2
>> Introspection endpoint[1]. Currently, it supports authentication via basic
>> authentication and bearer token authentication.
>>
>> In this improvement, we're going to introduce authentication via client
>> ID and secret.
>>
>> But the problem with this approach is that both basic authentication and
>> the $subject have the same authorization header. Because of this reason
>> incoming requests have to go through both the basic authentication handler
>> and the $subject authentication handler, which results in additional overhead.
>>
>> The current implementation is as follows[2]. Please provide your insight
>> on the $subject.
>>
>> [1] https://github.com/wso2/product-is/issues/4314
>> [2] https://github.com/wso2-extensions/identity-carbon-auth-rest/pull/67
>>
>> Best Regards
>> Isuranga Perera
>> _______________________________________________
>> Dev mailing list
>> [email protected]
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
> --
> Ruwan Abeykoon
> Associate Director/Architect,
> WSO2, Inc. http://wso2.com
> lean.enterprise.middleware.

--
Farasath Ahamed
Senior Software Engineer,
WSO2 Inc.; http://wso2.com
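The handler-selection problem discussed in this thread, as an added Java example (not code from the thread or from identity-carbon-auth-rest). The header name `X-Client-Auth`, the handler names and the credential stores are hypothetical, and having the basic-auth handler skip requests that carry the header is an assumption of this sketch.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.security.MessageDigest;
import java.util.*;
import java.util.function.Predicate;

public class IntrospectionAuthSelection {
    static final String SELECTOR = "X-Client-Auth"; // hypothetical header name, not from the thread

    // A handler is an engagement test plus a (constructed) credential store.
    record Handler(String name, Predicate<Map<String, String>> canHandle, Map<String, String> store) {
        boolean authenticate(String id, String secret) {
            byte[] expected = store.getOrDefault(id, "").getBytes(UTF_8);
            // Constant-time comparison of the presented secret against the stored one.
            return store.containsKey(id) && MessageDigest.isEqual(expected, secret.getBytes(UTF_8));
        }
    }

    static boolean isBasic(Map<String, String> h) {
        return h.getOrDefault("Authorization", "").startsWith("Basic ");
    }

    // Runs each handler that claims the request, in order; returns the names of those executed.
    static List<String> dispatch(List<Handler> chain, Map<String, String> headers) {
        List<String> tried = new ArrayList<>();
        if (!isBasic(headers)) return tried;
        String[] cred = new String(Base64.getDecoder().decode(
                headers.get("Authorization").substring(6)), UTF_8).split(":", 2);
        for (Handler h : chain) {
            if (!h.canHandle().test(headers)) continue;
            tried.add(h.name());
            if (cred.length == 2 && h.authenticate(cred[0], cred[1])) break;
        }
        return tried;
    }

    public static void main(String[] args) {
        Map<String, String> users = Map.of("admin", "admin-pw");      // constructed sample data
        Map<String, String> clients = Map.of("client123", "s3cret");  // constructed sample data
        Map<String, String> req = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        req.put("Authorization", "Basic "
                + Base64.getEncoder().encodeToString("client123:s3cret".getBytes(UTF_8)));
        // Scheme-only selection: both handlers claim "Basic", so the user store is checked first.
        List<Handler> byScheme = List.of(
                new Handler("basic-user", IntrospectionAuthSelection::isBasic, users),
                new Handler("client-secret", IntrospectionAuthSelection::isBasic, clients));
        System.out.println("scheme only:   " + dispatch(byScheme, req));
        // Header-based selection: the custom header decides which single handler engages.
        List<Handler> byHeader = List.of(
                new Handler("basic-user", h -> isBasic(h) && !h.containsKey(SELECTOR), users),
                new Handler("client-secret", h -> isBasic(h) && h.containsKey(SELECTOR), clients));
        req.put(SELECTOR, "true");
        System.out.println("custom header: " + dispatch(byHeader, req));
    }
}
```

The selector header only routes the request to a handler; the client secret is still verified, so a caller who adds the header gains nothing without valid client credentials.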
