Re: [Dev] Why is redirect_uris mandatory in DCR request?

2017-04-27 Thread Gayan Gunawardana
According to documentation in [1]

{
"redirect_uris": ["server.example.com"],
"client_name": "application_1",
"ext_param_owner": "application_owner",
"grant_types": ["password"]
}

Still, our intention is to accept DCR requests with redirect_uris for the
password grant type. The only concern is to remove the mandatory validation for at
least one redirect URI if the grant type is password or client credentials.

Is there a way to inform the client by saying something like "the provided redirect
URI will not be used"?

[1]
https://docs.wso2.com/display/IS530/OpenID+Connect+Dynamic+Client+Registration

Thanks,
Gayan

On Thu, Apr 27, 2017 at 11:06 AM, Harsha Thirimanna wrote:

> On 27 Apr 2017 10:56 a.m., "Manoj Gunawardena" wrote:
>
>> +1 for removing mandatory validation.
>>
>> Dynamic OAUTH2 client Registration management protocol [1] will implement
>> in IS next version?
>
> Yes
>
>> Once support that, DCR should be able to update the mandatory or optional
>> of redirect urls depends on the grant type.
>
> Not under dcr. Update is under DCRM.
>
>> [1] https://tools.ietf.org/html/rfc7592

Re: [Dev] Why is redirect_uris mandatory in DCR request?

2017-04-26 Thread Harsha Thirimanna
On 27 Apr 2017 10:56 a.m., "Manoj Gunawardena" wrote:

> +1 for removing mandatory validation.
>
> Dynamic OAUTH2 client Registration management protocol [1] will implement
> in IS next version?

Yes

> Once support that, DCR should be able to update the mandatory or optional
> of redirect urls depends on the grant type.

Not under dcr. Update is under DCRM.

> [1] https://tools.ietf.org/html/rfc7592




___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


Re: [Dev] Why is redirect_uris mandatory in DCR request?

2017-04-26 Thread Manoj Gunawardena
+1 for removing mandatory validation.

Will the Dynamic OAuth 2.0 Client Registration Management Protocol [1] be
implemented in the next IS version?
Once that is supported, DCR should be able to update whether redirect URLs
are mandatory or optional depending on the grant type.


[1] https://tools.ietf.org/html/rfc7592




On Wed, Apr 26, 2017 at 9:17 AM, Nuwandi Wickramasinghe 
wrote:

> Thanks Johann and Pushpalanka. Updated [1] with details.
>
> [1] - https://wso2.org/jira/browse/IDENTITY-5879
>


-- 
Manoj Gunawardena
Tech Lead
WSO2, Inc.: http://wso2.com
lean.enterprise.middleware
Mobile : +94 77 2291643


Re: [Dev] Why is redirect_uris mandatory in DCR request?

2017-04-25 Thread Nuwandi Wickramasinghe
Thanks Johann and Pushpalanka. Updated [1] with details.

[1] - https://wso2.org/jira/browse/IDENTITY-5879

On Tue, Apr 25, 2017 at 8:19 PM, Pushpalanka Jayawardhana 
wrote:

> Hi,
>
> We already have a task to track and fix on these compliancy issues as at
> [1]. Please create or add these details there too, so we can make sure we
> address this and rectify.
>
> [1] - https://wso2.org/jira/browse/IDENTITY-5879
>


-- 

Best Regards,

Nuwandi Wickramasinghe

Software Engineer

WSO2 Inc.

Web : http://wso2.com

Mobile : 0719214873


Re: [Dev] Why is redirect_uris mandatory in DCR request?

2017-04-25 Thread Johann Nallathamby
+1. However, we have to make sure that if we update the application with the
authorization_code or implicit grant type, then we validate that at
least one redirect_uri is also provided.

Regards,
Johann.




-- 
Thanks & Regards,

*Johann Dilantha Nallathamby*
Technical Lead & Product Lead of WSO2 Identity Server
Governance Technologies Team
WSO2, Inc.
lean.enterprise.middleware

Mobile - *+9476950*
Blog - *http://nallaa.wordpress.com *


Re: [Dev] Why is redirect_uris mandatory in DCR request?

2017-04-25 Thread Pushpalanka Jayawardhana
Hi,

On Tue, Apr 25, 2017 at 7:51 PM, Johann Nallathamby  wrote:

> +1. However we have to make sure that if we update the application with
> authorization_code or implicit grant type, then we have to validate that at
> least one redirect_uri is also provided.
>
> Regards,
> Johann.
>
> On Tue, Apr 25, 2017 at 5:46 PM, Nuwandi Wickramasinghe wrote:
>
>> Hi,
>>
>> As per the DCR implementation in WSO2 IS 5.3.0, it is mandatory to send
>> at least one redirect uri for any grant type and otherwise will give
>> following error response.
>>
>> {
>>   "error_description": "RedirectUris property must have at least one URI value.",
>>   "error": "invalid_client_metadata"
>> }
>>
>> AFAIU there is no significance of a redirect URI for grant types that do
>> not have a redirection in the flow. Shall we allow client registration
>> without redirect URI for the other grant types such as password, client
>> credentials and SAML2
>>
>> [1] states that
>>
>>    The implementation and use of all client metadata
>>    fields is OPTIONAL, unless stated otherwise.
>>
>> ..
>>
>>    redirect_uris
>>       Array of redirection URI strings for use in redirect-based flows
>>       such as the authorization code and implicit flows.  As required by
>>       Section 2 of OAuth 2.0 [RFC6749], clients using flows with
>>       redirection MUST register their redirection URI values.
>>       Authorization servers that support dynamic registration for
>>       redirect-based flows MUST implement support for this metadata
>>       value.
>>
>> [1] https://tools.ietf.org/html/rfc7591#section-2
>>
> +1.
We already have a task to track and fix on these compliancy issues as at
[1]. Please create or add these details there too, so we can make sure we
address this and rectify.

[1] - https://wso2.org/jira/browse/IDENTITY-5879




-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/
pushpalanka/ | Twitter: @pushpalanka


[Dev] Why is redirect_uris mandatory in DCR request?

2017-04-25 Thread Nuwandi Wickramasinghe
Hi,

As per the DCR implementation in WSO2 IS 5.3.0, it is mandatory to send at
least one redirect URI for any grant type; otherwise it gives the following
error response.

{
  "error_description": "RedirectUris property must have at least one URI value.",
  "error": "invalid_client_metadata"
}

AFAIU there is no significance of a redirect URI for grant types that do
not have a redirection in the flow. Shall we allow client registration
without a redirect URI for the other grant types such as password, client
credentials and SAML2?

[1] states that

   The implementation and use of all client metadata
   fields is OPTIONAL, unless stated otherwise.

..

   redirect_uris
      Array of redirection URI strings for use in redirect-based flows
      such as the authorization code and implicit flows.  As required by
      Section 2 of OAuth 2.0 [RFC6749], clients using flows with
      redirection MUST register their redirection URI values.
      Authorization servers that support dynamic registration for
      redirect-based flows MUST implement support for this metadata
      value.

[1] https://tools.ietf.org/html/rfc7591#section-2

-- 

Best Regards,

Nuwandi Wickramasinghe

Software Engineer

WSO2 Inc.

Web : http://wso2.com

Mobile : 0719214873
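
The rule this thread converges on (redirect_uris required only for redirect-based grant types, and checked again on update as Johann asks), as an added example that is not part of any message and is not WSO2 Identity Server code. ClientRegistry, validate_redirect_uris, string_array and InvalidClientMetadata are hypothetical names; treating an omitted grant_types as authorization_code follows RFC 7591 section 2, and the update takes the full replacement metadata as in RFC 7592.

```python
# Added illustration; every name here is hypothetical, not WSO2 Identity Server code.
# Grant types whose flow sends the user agent back to a registered redirect URI.
REDIRECT_BASED_GRANTS = {"authorization_code", "implicit"}
# RFC 7591 section 2: a request that omits grant_types means authorization_code.
DEFAULT_GRANT_TYPES = ["authorization_code"]


class InvalidClientMetadata(Exception):
    """Rejected request; .body is the JSON error response to return."""

    def __init__(self, description):
        super().__init__(description)
        self.body = {"error": "invalid_client_metadata",
                     "error_description": description}


def string_array(metadata, field, default):
    value = metadata.get(field, default)
    if not isinstance(value, list) or not all(
            isinstance(item, str) and item.strip() for item in value):
        raise InvalidClientMetadata(f"{field} must be an array of non-empty strings.")
    return value


def validate_redirect_uris(metadata):
    """Require a redirect URI only when a redirect-based grant type is requested."""
    grants = string_array(metadata, "grant_types", DEFAULT_GRANT_TYPES)
    uris = string_array(metadata, "redirect_uris", [])
    needing = sorted(REDIRECT_BASED_GRANTS.intersection(grants))
    if needing and not uris:
        raise InvalidClientMetadata(
            "redirect_uris must have at least one URI value for grant types: "
            + ", ".join(needing) + ".")
    return grants, uris


class ClientRegistry:
    def __init__(self):
        self.clients = {}  # in-memory stand-in for the server's client store

    def register(self, client_id, metadata):
        validate_redirect_uris(metadata)
        self.clients[client_id] = dict(metadata)
        return self.clients[client_id]

    def update(self, client_id, metadata):
        # The replacement metadata is validated exactly like a new registration.
        if client_id not in self.clients:
            raise KeyError(client_id)
        validate_redirect_uris(metadata)  # a rejected update leaves the old record
        self.clients[client_id] = dict(metadata)
        return self.clients[client_id]


if __name__ == "__main__":
    registry = ClientRegistry()
    # Constructed request: the thread's sample body without redirect_uris.
    body = {"client_name": "application_1", "grant_types": ["password"]}
    print(registry.register("client-1", body))
    try:
        registry.update("client-1", {**body, "grant_types": ["implicit"]})
    except InvalidClientMetadata as exc:
        print(exc.body)
```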