subject:"\[Dev\] Dynamic client registration request fails due to no user information in the request header."

Re: [Dev] Dynamic client registration request fails due to no user information in the request header.

2017-09-17 Thread Hasini Witharana

+prabath

On Sat, Sep 16, 2017 at 2:08 PM, Johann Nallathamby  wrote:

>
>
> On Sat, Sep 16, 2017 at 1:37 PM, Farasath Ahamed 
> wrote:
>
>>
>>
>>
>>
>> On Sat, Sep 16, 2017 at 1:21 PM, Johann Nallathamby 
>> wrote:
>>
>>> Tenant domain of the application should always be read from the resource
>>> path - i.e. URL.
>>>
>>> We can't read it from the user since we will have to support SaaS mode,
>>> which is to authenticate with a super tenant user and create the
>>> application in a tenant.
>>>
>>
>>
>> Can we really do this? Authenticate from super tenant credentials and
>> create an application in tenant?
>>
>> Our token endpoint derives the app's tenant domain from the tenantDomain
>> of the user who created the app[1]. The assumption behind is that we can
>> create apps across tenants. ie. A user from super tenant cannot go and
>> create an app in a tenant.
>>
>
> I didn't think much about the DCR use case. I was talking in general.
> First we need to think if SaaS scenario is applicable for DCR. If it is we
> need to fix above limitation :). AFAIK above limitation comes because of
> the limitation in the schema we have. And may be some model objects.
> Nothing else. This is because OAuth2 was written way before IS 5.0.0 which
> introduced SaaS concept. May be we even don't need to fix it immediately.
> But we must follow same security pattern for all Rest endpoints, regardless
> of limitations within the component.
>
>
>>
>>
>> [1] https://github.com/wso2-extensions/identity-inbound-auth
>> -oauth/blob/master/components/org.wso2.carbon.identity.oauth
>> /src/main/java/org/wso2/carbon/identity/oauth2/token/AccessT
>> okenIssuer.java#L129
>>
>>
>>>
>>> Please note that this is a standard pattern we follow in IS now, for
>>> almost all endpoints. Therefore no one could be ignorant about it. Any new
>>> Rest  endpoint development must follow the same security pattern. We do
>>> this with the help of the Authn/Authz valve implemented by Harsha.
>>>
>>> Regards,
>>> Johann.
>>>
>>> On Sat, Sep 16, 2017 at 1:11 PM, Hasintha Indrajee 
>>> wrote:
>>>
 Just asking for my knowledge,

 How do we identify the tenant domain of the application ? Do we have it
 in the context path ?, do we get it from user ?, or do we have anyway to
 convey it within the body (by appending to something) ? In a case if we get
 it from the identified user, how are we going to identify it from a request
 without any authentication mechanism ?.

 On Sat, Sep 16, 2017 at 12:36 PM, Gayan Gunawardana 
 wrote:

>
>
> On Fri, Sep 15, 2017 at 2:47 PM, Hasini Witharana 
> wrote:
>
>> Hi,
>>
>> In OIDC dynamic client registration, in the request header we need to
>> send an already existing user and the password to register a client in 
>> WSO2
>> Identity server.In OIDC specification[1], It is not mandatory to send 
>> user
>> details to register a client.
>>
>> When running the OIDC test suite for dynamic profile, test suite does
>> not send any user details in the header. So we can't create any client 
>> and
>> the test fails.
>>
>> For that issue if any user details are not provided in the
>> registration request we can assign an anonymous user(*wso2*.
>> *anonymous*.*user*) and register the client.
>>
> IMO correct design should be completely remove the requirement of
> having a user. If we use *"wso2*.*anonymous*.*user" *some application
> may have real username and some application may have *"wso2*.
> *anonymous*.*user" *which end up with inconsistency.
> Also need to think about creating a role per service provider if any
> user doesn't have that role.
>
>>
>> [1] - https://openid.net/specs/openid-connect-registration-1_0.html
>>
>> --
>>
>> *Hasini Witharana*
>> Software Engineering Intern | WSO2
>>
>>
>> *Email : hasi...@wso2.com *
>>
>> *Mobile : +94713850143 <+94%2071%20385%200143>[image:
>> http://wso2.com/signature] *
>>
>> --
>> You received this message because you are subscribed to the Google
>> Groups "WSO2 Engineering Group" group.
>> To unsubscribe from this group and stop receiving emails from it,
>> send an email to engineering-group+unsubscr...@wso2.com.
>> For more options, visit https://groups.google.com/a/wso2.com/d/optout
>> .
>>
>
>
>
> --
> Gayan Gunawardana
> Senior Software Engineer; WSO2 Inc.; http://wso2.com/
> Email: ga...@wso2.com
> Mobile: +94 (71) 8020933
>
> --
> You received this message because you are subscribed to the Google
> Groups "WSO2 Engineering Group" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to

Re: [Dev] Dynamic client registration request fails due to no user information in the request header.

2017-09-16 Thread Johann Nallathamby

On Sat, Sep 16, 2017 at 1:37 PM, Farasath Ahamed  wrote:

>
>
>
>
> On Sat, Sep 16, 2017 at 1:21 PM, Johann Nallathamby 
> wrote:
>
>> Tenant domain of the application should always be read from the resource
>> path - i.e. URL.
>>
>> We can't read it from the user since we will have to support SaaS mode,
>> which is to authenticate with a super tenant user and create the
>> application in a tenant.
>>
>
>
> Can we really do this? Authenticate from super tenant credentials and
> create an application in tenant?
>
> Our token endpoint derives the app's tenant domain from the tenantDomain
> of the user who created the app[1]. The assumption behind is that we can
> create apps across tenants. ie. A user from super tenant cannot go and
> create an app in a tenant.
>

I didn't think much about the DCR use case. I was talking in general. First
we need to think if SaaS scenario is applicable for DCR. If it is we need
to fix above limitation :). AFAIK above limitation comes because of the
limitation in the schema we have. And may be some model objects. Nothing
else. This is because OAuth2 was written way before IS 5.0.0 which
introduced SaaS concept. May be we even don't need to fix it immediately.
But we must follow same security pattern for all Rest endpoints, regardless
of limitations within the component.


>
>
> [1] https://github.com/wso2-extensions/identity-inbound-auth
> -oauth/blob/master/components/org.wso2.carbon.identity.
> oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/A
> ccessTokenIssuer.java#L129
>
>
>>
>> Please note that this is a standard pattern we follow in IS now, for
>> almost all endpoints. Therefore no one could be ignorant about it. Any new
>> Rest  endpoint development must follow the same security pattern. We do
>> this with the help of the Authn/Authz valve implemented by Harsha.
>>
>> Regards,
>> Johann.
>>
>> On Sat, Sep 16, 2017 at 1:11 PM, Hasintha Indrajee 
>> wrote:
>>
>>> Just asking for my knowledge,
>>>
>>> How do we identify the tenant domain of the application ? Do we have it
>>> in the context path ?, do we get it from user ?, or do we have anyway to
>>> convey it within the body (by appending to something) ? In a case if we get
>>> it from the identified user, how are we going to identify it from a request
>>> without any authentication mechanism ?.
>>>
>>> On Sat, Sep 16, 2017 at 12:36 PM, Gayan Gunawardana 
>>> wrote:
>>>


 On Fri, Sep 15, 2017 at 2:47 PM, Hasini Witharana 
 wrote:

> Hi,
>
> In OIDC dynamic client registration, in the request header we need to
> send an already existing user and the password to register a client in 
> WSO2
> Identity server.In OIDC specification[1], It is not mandatory to send user
> details to register a client.
>
> When running the OIDC test suite for dynamic profile, test suite does
> not send any user details in the header. So we can't create any client and
> the test fails.
>
> For that issue if any user details are not provided in the
> registration request we can assign an anonymous user(*wso2*.
> *anonymous*.*user*) and register the client.
>
 IMO correct design should be completely remove the requirement of
 having a user. If we use *"wso2*.*anonymous*.*user" *some application
 may have real username and some application may have *"wso2*.
 *anonymous*.*user" *which end up with inconsistency.
 Also need to think about creating a role per service provider if any
 user doesn't have that role.

>
> [1] - https://openid.net/specs/openid-connect-registration-1_0.html
>
> --
>
> *Hasini Witharana*
> Software Engineering Intern | WSO2
>
>
> *Email : hasi...@wso2.com *
>
> *Mobile : +94713850143 <+94%2071%20385%200143>[image:
> http://wso2.com/signature] *
>
> --
> You received this message because you are subscribed to the Google
> Groups "WSO2 Engineering Group" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to engineering-group+unsubscr...@wso2.com.
> For more options, visit https://groups.google.com/a/wso2.com/d/optout.
>



 --
 Gayan Gunawardana
 Senior Software Engineer; WSO2 Inc.; http://wso2.com/
 Email: ga...@wso2.com
 Mobile: +94 (71) 8020933

 --
 You received this message because you are subscribed to the Google
 Groups "WSO2 Engineering Group" group.
 To unsubscribe from this group and stop receiving emails from it, send
 an email to engineering-group+unsubscr...@wso2.com.
 For more options, visit https://groups.google.com/a/wso2.com/d/optout.

>>>
>>>
>>>
>>> --
>>> Hasintha Indrajee
>>> WSO2, Inc.
>>> Mobile:+94 771892453 <+94%2077%20189%202453>
>>>
>>>
>>
>>
>> --
>> Thanks &

Re: [Dev] Dynamic client registration request fails due to no user information in the request header.

2017-09-16 Thread Farasath Ahamed

On Sat, Sep 16, 2017 at 1:21 PM, Johann Nallathamby  wrote:

> Tenant domain of the application should always be read from the resource
> path - i.e. URL.
>
> We can't read it from the user since we will have to support SaaS mode,
> which is to authenticate with a super tenant user and create the
> application in a tenant.
>


Can we really do this? Authenticate from super tenant credentials and
create an application in tenant?

Our token endpoint derives the app's tenant domain from the tenantDomain of
the user who created the app[1]. The assumption behind is that we can
create apps across tenants. ie. A user from super tenant cannot go and
create an app in a tenant.


[1]
https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/AccessTokenIssuer.java#L129


>
> Please note that this is a standard pattern we follow in IS now, for
> almost all endpoints. Therefore no one could be ignorant about it. Any new
> Rest  endpoint development must follow the same security pattern. We do
> this with the help of the Authn/Authz valve implemented by Harsha.
>
> Regards,
> Johann.
>
> On Sat, Sep 16, 2017 at 1:11 PM, Hasintha Indrajee 
> wrote:
>
>> Just asking for my knowledge,
>>
>> How do we identify the tenant domain of the application ? Do we have it
>> in the context path ?, do we get it from user ?, or do we have anyway to
>> convey it within the body (by appending to something) ? In a case if we get
>> it from the identified user, how are we going to identify it from a request
>> without any authentication mechanism ?.
>>
>> On Sat, Sep 16, 2017 at 12:36 PM, Gayan Gunawardana 
>> wrote:
>>
>>>
>>>
>>> On Fri, Sep 15, 2017 at 2:47 PM, Hasini Witharana 
>>> wrote:
>>>
 Hi,

 In OIDC dynamic client registration, in the request header we need to
 send an already existing user and the password to register a client in WSO2
 Identity server.In OIDC specification[1], It is not mandatory to send user
 details to register a client.

 When running the OIDC test suite for dynamic profile, test suite does
 not send any user details in the header. So we can't create any client and
 the test fails.

 For that issue if any user details are not provided in the registration
 request we can assign an anonymous user(*wso2*.*anonymous*.*user*) and
 register the client.

>>> IMO correct design should be completely remove the requirement of having
>>> a user. If we use *"wso2*.*anonymous*.*user" *some application may have
>>> real username and some application may have *"wso2*.*anonymous*.*user" 
>>> *which
>>> end up with inconsistency.
>>> Also need to think about creating a role per service provider if any
>>> user doesn't have that role.
>>>

 [1] - https://openid.net/specs/openid-connect-registration-1_0.html

 --

 *Hasini Witharana*
 Software Engineering Intern | WSO2


 *Email : hasi...@wso2.com *

 *Mobile : +94713850143 <+94%2071%20385%200143>[image:
 http://wso2.com/signature] *

 --
 You received this message because you are subscribed to the Google
 Groups "WSO2 Engineering Group" group.
 To unsubscribe from this group and stop receiving emails from it, send
 an email to engineering-group+unsubscr...@wso2.com.
 For more options, visit https://groups.google.com/a/wso2.com/d/optout.

>>>
>>>
>>>
>>> --
>>> Gayan Gunawardana
>>> Senior Software Engineer; WSO2 Inc.; http://wso2.com/
>>> Email: ga...@wso2.com
>>> Mobile: +94 (71) 8020933
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "WSO2 Engineering Group" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to engineering-group+unsubscr...@wso2.com.
>>> For more options, visit https://groups.google.com/a/wso2.com/d/optout.
>>>
>>
>>
>>
>> --
>> Hasintha Indrajee
>> WSO2, Inc.
>> Mobile:+94 771892453 <+94%2077%20189%202453>
>>
>>
>
>
> --
> Thanks & Regards,
>
> *Johann Dilantha Nallathamby*
> Senior Lead Solutions Engineer
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - *+9476950*
> Blog - *http://nallaa.wordpress.com *
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Dynamic client registration request fails due to no user information in the request header.

2017-09-16 Thread Johann Nallathamby

Tenant domain of the application should always be read from the resource
path - i.e. URL.

We can't read it from the user since we will have to support SaaS mode,
which is to authenticate with a super tenant user and create the
application in a tenant.

Please note that this is a standard pattern we follow in IS now, for almost
all endpoints. Therefore no one could be ignorant about it. Any new Rest
 endpoint development must follow the same security pattern. We do this
with the help of the Authn/Authz valve implemented by Harsha.

Regards,
Johann.

On Sat, Sep 16, 2017 at 1:11 PM, Hasintha Indrajee 
wrote:

> Just asking for my knowledge,
>
> How do we identify the tenant domain of the application ? Do we have it in
> the context path ?, do we get it from user ?, or do we have anyway to
> convey it within the body (by appending to something) ? In a case if we get
> it from the identified user, how are we going to identify it from a request
> without any authentication mechanism ?.
>
> On Sat, Sep 16, 2017 at 12:36 PM, Gayan Gunawardana 
> wrote:
>
>>
>>
>> On Fri, Sep 15, 2017 at 2:47 PM, Hasini Witharana 
>> wrote:
>>
>>> Hi,
>>>
>>> In OIDC dynamic client registration, in the request header we need to
>>> send an already existing user and the password to register a client in WSO2
>>> Identity server.In OIDC specification[1], It is not mandatory to send user
>>> details to register a client.
>>>
>>> When running the OIDC test suite for dynamic profile, test suite does
>>> not send any user details in the header. So we can't create any client and
>>> the test fails.
>>>
>>> For that issue if any user details are not provided in the registration
>>> request we can assign an anonymous user(*wso2*.*anonymous*.*user*) and
>>> register the client.
>>>
>> IMO correct design should be completely remove the requirement of having
>> a user. If we use *"wso2*.*anonymous*.*user" *some application may have
>> real username and some application may have *"wso2*.*anonymous*.*user" *which
>> end up with inconsistency.
>> Also need to think about creating a role per service provider if any user
>> doesn't have that role.
>>
>>>
>>> [1] - https://openid.net/specs/openid-connect-registration-1_0.html
>>>
>>> --
>>>
>>> *Hasini Witharana*
>>> Software Engineering Intern | WSO2
>>>
>>>
>>> *Email : hasi...@wso2.com *
>>>
>>> *Mobile : +94713850143 <+94%2071%20385%200143>[image:
>>> http://wso2.com/signature] *
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "WSO2 Engineering Group" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to engineering-group+unsubscr...@wso2.com.
>>> For more options, visit https://groups.google.com/a/wso2.com/d/optout.
>>>
>>
>>
>>
>> --
>> Gayan Gunawardana
>> Senior Software Engineer; WSO2 Inc.; http://wso2.com/
>> Email: ga...@wso2.com
>> Mobile: +94 (71) 8020933
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "WSO2 Engineering Group" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to engineering-group+unsubscr...@wso2.com.
>> For more options, visit https://groups.google.com/a/wso2.com/d/optout.
>>
>
>
>
> --
> Hasintha Indrajee
> WSO2, Inc.
> Mobile:+94 771892453 <+94%2077%20189%202453>
>
>


-- 
Thanks & Regards,

*Johann Dilantha Nallathamby*
Senior Lead Solutions Engineer
WSO2, Inc.
lean.enterprise.middleware

Mobile - *+9476950*
Blog - *http://nallaa.wordpress.com *
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Dynamic client registration request fails due to no user information in the request header.

2017-09-16 Thread Hasintha Indrajee

Just asking for my knowledge,

How do we identify the tenant domain of the application ? Do we have it in
the context path ?, do we get it from user ?, or do we have anyway to
convey it within the body (by appending to something) ? In a case if we get
it from the identified user, how are we going to identify it from a request
without any authentication mechanism ?.

On Sat, Sep 16, 2017 at 12:36 PM, Gayan Gunawardana  wrote:

>
>
> On Fri, Sep 15, 2017 at 2:47 PM, Hasini Witharana 
> wrote:
>
>> Hi,
>>
>> In OIDC dynamic client registration, in the request header we need to
>> send an already existing user and the password to register a client in WSO2
>> Identity server.In OIDC specification[1], It is not mandatory to send user
>> details to register a client.
>>
>> When running the OIDC test suite for dynamic profile, test suite does not
>> send any user details in the header. So we can't create any client and the
>> test fails.
>>
>> For that issue if any user details are not provided in the registration
>> request we can assign an anonymous user(*wso2*.*anonymous*.*user*) and
>> register the client.
>>
> IMO correct design should be completely remove the requirement of having a
> user. If we use *"wso2*.*anonymous*.*user" *some application may have
> real username and some application may have *"wso2*.*anonymous*.*user" *which
> end up with inconsistency.
> Also need to think about creating a role per service provider if any user
> doesn't have that role.
>
>>
>> [1] - https://openid.net/specs/openid-connect-registration-1_0.html
>>
>> --
>>
>> *Hasini Witharana*
>> Software Engineering Intern | WSO2
>>
>>
>> *Email : hasi...@wso2.com *
>>
>> *Mobile : +94713850143 <+94%2071%20385%200143>[image:
>> http://wso2.com/signature] *
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "WSO2 Engineering Group" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to engineering-group+unsubscr...@wso2.com.
>> For more options, visit https://groups.google.com/a/wso2.com/d/optout.
>>
>
>
>
> --
> Gayan Gunawardana
> Senior Software Engineer; WSO2 Inc.; http://wso2.com/
> Email: ga...@wso2.com
> Mobile: +94 (71) 8020933
>
> --
> You received this message because you are subscribed to the Google Groups
> "WSO2 Engineering Group" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to engineering-group+unsubscr...@wso2.com.
> For more options, visit https://groups.google.com/a/wso2.com/d/optout.
>



-- 
Hasintha Indrajee
WSO2, Inc.
Mobile:+94 771892453
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Dynamic client registration request fails due to no user information in the request header.

2017-09-16 Thread Gayan Gunawardana

On Fri, Sep 15, 2017 at 2:47 PM, Hasini Witharana  wrote:

> Hi,
>
> In OIDC dynamic client registration, in the request header we need to send
> an already existing user and the password to register a client in WSO2
> Identity server.In OIDC specification[1], It is not mandatory to send user
> details to register a client.
>
> When running the OIDC test suite for dynamic profile, test suite does not
> send any user details in the header. So we can't create any client and the
> test fails.
>
> For that issue if any user details are not provided in the registration
> request we can assign an anonymous user(*wso2*.*anonymous*.*user*) and
> register the client.
>
IMO correct design should be completely remove the requirement of having a
user. If we use *"wso2*.*anonymous*.*user" *some application may have real
username and some application may have *"wso2*.*anonymous*.*user" *which
end up with inconsistency.
Also need to think about creating a role per service provider if any user
doesn't have that role.

>
> [1] - https://openid.net/specs/openid-connect-registration-1_0.html
>
> --
>
> *Hasini Witharana*
> Software Engineering Intern | WSO2
>
>
> *Email : hasi...@wso2.com *
>
> *Mobile : +94713850143 <+94%2071%20385%200143>[image:
> http://wso2.com/signature] *
>
> --
> You received this message because you are subscribed to the Google Groups
> "WSO2 Engineering Group" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to engineering-group+unsubscr...@wso2.com.
> For more options, visit https://groups.google.com/a/wso2.com/d/optout.
>



-- 
Gayan Gunawardana
Senior Software Engineer; WSO2 Inc.; http://wso2.com/
Email: ga...@wso2.com
Mobile: +94 (71) 8020933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Dynamic client registration request fails due to no user information in the request header.

2017-09-15 Thread Farasath Ahamed

Based on the spec,

To support open Dynamic Registration, the Client Registration Endpoint
> SHOULD accept registration requests without OAuth 2.0 Access Tokens. These
> requests MAY be rate-limited or *otherwise limited to prevent a
> denial-of-service attack* on the Client Registration Endpoint. If an
> Initial Access Token is required for Client registration, the Client
> Registration Endpoint MUST be able to accept these Access Tokens in the
> manner described in the OAuth 2.0 Bearer Token Usage [RFC6750]
> specification.


So our current implementation is not entirely deviating from the
specification. However, I feel it would be better if we could support the
case of making the Client Registration Endpoint open if someone opts to do
so (ie. remove authentication) as you have suggested.




Farasath Ahamed
Software Engineer, WSO2 Inc.; http://wso2.com
Mobile: +94777603866
Blog: blog.farazath.com
Twitter: @farazath619 




On Fri, Sep 15, 2017 at 2:47 PM, Hasini Witharana  wrote:

> Hi,
>
> In OIDC dynamic client registration, in the request header we need to send
> an already existing user and the password to register a client in WSO2
> Identity server.In OIDC specification[1], It is not mandatory to send user
> details to register a client.
>
> When running the OIDC test suite for dynamic profile, test suite does not
> send any user details in the header. So we can't create any client and the
> test fails.
>
> For that issue if any user details are not provided in the registration
> request we can assign an anonymous user(*wso2*.*anonymous*.*user*) and
> register the client.
>
> [1] - https://openid.net/specs/openid-connect-registration-1_0.html
>
> --
>
> *Hasini Witharana*
> Software Engineering Intern | WSO2
>
>
> *Email : hasi...@wso2.com *
>
> *Mobile : +94713850143 <+94%2071%20385%200143>[image:
> http://wso2.com/signature] *
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] Dynamic client registration request fails due to no user information in the request header.

2017-09-15 Thread Hasini Witharana

Hi,

In OIDC dynamic client registration, in the request header we need to send
an already existing user and the password to register a client in WSO2
Identity server.In OIDC specification[1], It is not mandatory to send user
details to register a client.

When running the OIDC test suite for dynamic profile, test suite does not
send any user details in the header. So we can't create any client and the
test fails.

For that issue if any user details are not provided in the registration
request we can assign an anonymous user(*wso2*.*anonymous*.*user*) and
register the client.

[1] - https://openid.net/specs/openid-connect-registration-1_0.html

-- 

*Hasini Witharana*
Software Engineering Intern | WSO2


*Email : hasi...@wso2.com *

*Mobile : +94713850143[image: http://wso2.com/signature]
*
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Dynamic client registration request fails due to no user information in the request header.

Re: [Dev] Dynamic client registration request fails due to no user information in the request header.

Re: [Dev] Dynamic client registration request fails due to no user information in the request header.

Re: [Dev] Dynamic client registration request fails due to no user information in the request header.

Re: [Dev] Dynamic client registration request fails due to no user information in the request header.

Re: [Dev] Dynamic client registration request fails due to no user information in the request header.

Re: [Dev] Dynamic client registration request fails due to no user information in the request header.

[Dev] Dynamic client registration request fails due to no user information in the request header.

8 matches

Site Navigation

Mail list logo

Footer information