Re: [Architecture] [UUF] Extensible Session Management for UUF

2017-05-01 Thread Imesh Gunaratne
On Tue, May 2, 2017 at 10:44 AM, Dilan Udara Ariyaratne wrote:
> In the meantime, could you elaborate on the method level details of the Session manager interface, too?
SessionManager: https://github.com/wso2/carbon-uuf/pull/241/files#diff-

Re: [Architecture] Validate Authorization headers for Oauth endpoints

2017-05-01 Thread Farasath Ahamed
On Tue, May 2, 2017 at 9:55 AM, Manoj Gunawardena wrote:
> If permission check not provided, is it allow to all?
> Any reason for token and user info end points hasn't check permissions?
OAuth token endpoint, client has to authenticate using client_id, client_secret. As for

Re: [Architecture] Validate Authorization headers for Oauth endpoints

2017-05-01 Thread Manoj Gunawardena
If permission check not provided, is it allow to all?
Any reason for token and user info end points hasn't check permissions?
On Tue, May 2, 2017 at 3:02 AM, Farasath Ahamed wrote:
> On Tue, May 2, 2017 at 1:48 AM, Manoj Gunawardena wrote:
>> +1 for

Re: [Architecture] Validate Authorization headers for Oauth endpoints

2017-05-01 Thread Farasath Ahamed
On Tue, May 2, 2017 at 1:48 AM, Manoj Gunawardena wrote:
> +1 for handle authorization in consistent way for all end points.
> Such as
> "/oauth2/introspect"
> "oauth2/userinfo"
>
> According to IS 5.3 Authentication and Authorization of REST APIS mechanism [1], what are the

Re: [Architecture] Validate Authorization headers for Oauth endpoints

2017-05-01 Thread Manoj Gunawardena
+1 for handle authorization in consistent way for all end points.
Such as
"/oauth2/introspect"
"oauth2/userinfo"
According to IS 5.3 Authentication and Authorization of REST APIS mechanism [1], what are the permission strings assign for following end points.
"oauth2/token"
"oauth2/revoke"

Re: [Architecture] [UUF] Extensible Session Management for UUF

2017-05-01 Thread Shazni Nazeer
It is beneficial to have this in the UUF. Many frameworks (in particular web frameworks such as Django, CakePHP and Ruby on Rails) support this kind of pluggable Session Management capabilities.
On Fri, Apr 28, 2017 at 3:46 PM, Vidura Nanayakkara wrote:
> Hi All,
>
> We are