Hi Nilasini and Farasath,

Thank you for your assistance.

I checked with WSO2 IS 5.8.0 RC1 and it is fixed.

Thanks,
Chanaka

On Fri, May 10, 2019 at 4:43 PM Nilasini Thirunavukkarasu <[email protected]> wrote:

> Hi Farasath,
>
> Seems like we have already added that logic as well [1]. If we have
> specified a known token type hint then we only search for the token
> according to the given token_type_hint; if we do not specify one, or
> specify an unknown token_type_hint, then we search through all the
> available token validators and validate the token.
>
> [1] https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/970/files#diff-1e2e2c1e5664f2003188d37ab53048fdR237
>
> Thanks,
> Nila.
>
> On Fri, May 10, 2019 at 4:08 PM Farasath Ahamed <[email protected]> wrote:
>
>> Hi,
>>
>> While supporting the token_type_hint values access_token and refresh_token
>> is good, it looks like we need to fix the logic of handling unknown
>> token_type_hints.
>>
>> I think Chanaka has raised a valid concern here. If an invalid token hint
>> is given then we need to do a full search. But it seems that we rely on the
>> provided token_type_hint to do the search.
>>
>> @Chanaka Lakmal <[email protected]> Can you create a git issue for this
>> under the product-is repo?
>>
>> Regards,
>> Farasath
>>
>> On Fri, May 10, 2019 at 3:34 PM Nilasini Thirunavukkarasu <[email protected]> wrote:
>>
>>> Hi Chanaka,
>>>
>>> Supporting the token_type_hint parameter has been fixed in the master
>>> branch [1][2] and will be released with the upcoming release.
>>>
>>> [1] https://github.com/wso2/product-is/issues/3780
>>> [2] https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/970/files#diff-78ef442733b42d8573912a910e98d884R83
>>>
>>> Thanks,
>>> Nila.
>>>
>>> On Fri, May 10, 2019 at 3:09 PM Chanaka Lakmal <[email protected]> wrote:
>>>
>>>> Hi all,
>>>>
>>>> I encountered an issue when trying to invoke the OAuth2 Introspection
>>>> Endpoint of WSO2 IS 5.7.0 as guided by the doc [1].
>>>> These are the scenarios I tried with a valid token, and part of the
>>>> response status:
>>>>
>>>> 1. Invoke the introspection endpoint with the token.
>>>>    Response - {"active":true}
>>>>
>>>>    curl -k -u admin:admin -H 'Content-Type: application/x-www-form-urlencoded' -X POST \
>>>>      --data 'token=334060588-dd4e-36a5-ad93-440cc77a1cfb' \
>>>>      https://localhost:9443/oauth2/introspect
>>>>
>>>> 2. Invoke the introspection endpoint with the token and token_type_hint=bearer.
>>>>    Response - {"active":true}
>>>>
>>>>    curl -k -u admin:admin -H 'Content-Type: application/x-www-form-urlencoded' -X POST \
>>>>      --data 'token=334060588-dd4e-36a5-ad93-440cc77a1cfb&token_type_hint=bearer' \
>>>>      https://localhost:9443/oauth2/introspect
>>>>
>>>> 3. Invoke the introspection endpoint with the token and token_type_hint=access_token.
>>>>    Response - {"active":false}
>>>>
>>>>    curl -k -u admin:admin -H 'Content-Type: application/x-www-form-urlencoded' -X POST \
>>>>      --data 'token=334060588-dd4e-36a5-ad93-440cc77a1cfb&token_type_hint=access_token' \
>>>>      https://localhost:9443/oauth2/introspect
>>>>
>>>> According to the OAuth2 token introspection specification [2]:
>>>>
>>>>     If the server is unable to locate the token using the given hint,
>>>>     it MUST extend its search across all of its supported token types.
>>>>
>>>> So, according to the specification, it should send the active parameter
>>>> of the response as true in the 3rd scenario.
>>>>
>>>> Appreciate your thoughts on this.
>>>>
>>>> [1] https://docs.wso2.com/display/IS541/Invoke+the+OAuth+Introspection+Endpoint
>>>> [2] https://tools.ietf.org/html/rfc7662#section-2.1
>>>>
>>>> Thanks,
>>>> Chanaka
>>>> --
>>>> Chanaka Lakmal | Software Engineer | WSO2 Inc.
>>>> Mobile : (+94) 77 596 2256
>>>> <https://wso2.com/signature>
>>>
>>> --
>>> Nilasini Thirunavukkarasu
>>> Senior Software Engineer - WSO2
>>>
>>> Email : [email protected]
>>> Mobile : +94775241823
>>> Web : http://wso2.com/
>>> <http://wso2.com/signature>
>>> _______________________________________________
>>> Dev mailing list
>>> [email protected]
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>> --
>> Farasath Ahamed
>> Associate Technical Lead, WSO2 Inc.: http://wso2.com
>> Mobile: +94777603866
>> Blog: https://farasath.blogspot.com / https://medium.com/@farasath
>> Twitter: @farazath619 <https://twitter.com/farazath619>
>> <http://wso2.com/signature>
>

--
Chanaka Lakmal | Software Engineer | WSO2 Inc.
Mobile : (+94) 77 596 2256
Web : ldclakmal.me
LinkedIn : linkedin.com/in/ldclakmal
GitHub : github.com/ldclakmal
Medium : medium.com/@ldclakmal
Twitter : twitter.com/ldclakmal92
<https://wso2.com/signature>
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
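The rule the thread turns on is RFC 7662 section 2.1: token_type_hint only orders the server's search, and a server that cannot locate the token via the hint must extend the search across every token type it supports. The Python model below is an added example, not WSO2 code and not the product's validator API; it assumes a store with one lookup table per RFC 7009 hint value (access_token, refresh_token) and constructed sample tokens. It places the behaviour complained about (the hint taken as the only place to look) beside the RFC-compliant search, and goes a step beyond the thread's unknown-hint case: it also falls back when a known hint is given for a token of the other type. Because the tables here are keyed by the RFC hint names, the thread's scenario 3 (where the access_token hint was not yet a recognised value in 5.7.0) corresponds to the unknown-hint case "bearer" below.

```python
"""Added example (not WSO2 code): RFC 7662 section 2.1 token_type_hint handling.

Token values, client ids and the two-type store are constructed for this
example; they are not real WSO2 IS tokens nor the product's validator API.
"""
import time
from dataclasses import dataclass
from typing import Dict, Optional

# RFC 7009 registers exactly these hint values; anything else is an unknown hint.
SUPPORTED_TYPES = ("access_token", "refresh_token")


@dataclass(frozen=True)
class StoredToken:
    token_type: str
    client_id: str
    scope: str
    exp: float  # absolute expiry, seconds since the epoch


class TokenStore:
    """One lookup table per supported token type, standing in for the
    per-type validators a server would consult."""

    def __init__(self) -> None:
        self._tables: Dict[str, Dict[str, StoredToken]] = {t: {} for t in SUPPORTED_TYPES}

    def add(self, token: str, entry: StoredToken) -> None:
        self._tables[entry.token_type][token] = entry

    def lookup(self, token_type: str, token: str) -> Optional[StoredToken]:
        # An unknown type has no table, so the lookup simply finds nothing.
        return self._tables.get(token_type, {}).get(token)


def _response(entry: Optional[StoredToken], now: float) -> dict:
    # Anything that is not a live token gets the bare {"active": false};
    # the caller learns nothing about why (RFC 7662 section 2.2).
    if entry is None or entry.exp <= now:
        return {"active": False}
    return {"active": True, "token_type": entry.token_type, "client_id": entry.client_id,
            "scope": entry.scope, "exp": int(entry.exp)}


def introspect_hint_only(store: TokenStore, token: str, token_type_hint: Optional[str] = None,
                         now: Optional[float] = None) -> dict:
    """The behaviour the thread complains about: the hint is treated as the only
    place to look, so an unknown or wrong hint yields active:false for a valid token."""
    now = time.time() if now is None else now
    candidates = SUPPORTED_TYPES if token_type_hint is None else (token_type_hint,)
    for token_type in candidates:
        entry = store.lookup(token_type, token)
        if entry is not None:
            return _response(entry, now)
    return _response(None, now)


def introspect_rfc7662(store: TokenStore, token: str, token_type_hint: Optional[str] = None,
                       now: Optional[float] = None) -> dict:
    """RFC 7662 section 2.1: the hint only orders the search. If the hinted type
    does not locate the token (or the hint is unknown), the search MUST extend
    across every supported type."""
    now = time.time() if now is None else now
    order = [t for t in SUPPORTED_TYPES if t == token_type_hint]
    order += [t for t in SUPPORTED_TYPES if t != token_type_hint]
    for token_type in order:
        entry = store.lookup(token_type, token)
        if entry is not None:
            return _response(entry, now)
    return _response(None, now)


def build_sample_store(now: float) -> TokenStore:
    """Constructed sample tokens (not real WSO2 tokens)."""
    store = TokenStore()
    store.add("at-example-1", StoredToken("access_token", "client-a", "openid", now + 3600))
    store.add("rt-example-1", StoredToken("refresh_token", "client-a", "openid", now + 86400))
    store.add("at-expired-1", StoredToken("access_token", "client-a", "openid", now - 1))
    return store


def run_thread_scenarios(now: float = 1_557_480_000.0) -> Dict[str, tuple]:
    """Replays the thread's requests for a live access token (no hint, hint
    'bearer', hint 'access_token') plus a known-but-wrong hint, returning
    {scenario: (hint_only_active, rfc7662_active)}."""
    store = build_sample_store(now)
    cases = {"no_hint": None, "hint_bearer": "bearer",
             "hint_access_token": "access_token", "hint_refresh_token": "refresh_token"}
    return {name: (introspect_hint_only(store, "at-example-1", hint, now)["active"],
                   introspect_rfc7662(store, "at-example-1", hint, now)["active"])
            for name, hint in cases.items()}


if __name__ == "__main__":
    for name, (buggy, fixed) in run_thread_scenarios().items():
        print(f"{name:20} hint-only active={buggy!s:5}  rfc7662 active={fixed}")
```

Run as a script it prints one line per scenario; the hint-only variant reports the live token as inactive for both the unknown hint and the wrong known hint, while the RFC-compliant search reports it active in all four cases. The expiry check sits in the shared response builder so that the fallback search never turns an expired token into an active one.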
