Re: [Architecture] Making self-contained access tokens the default in APIM 3.0

2019-11-26 Thread Chamila Adhikarinayake
*Subject:* [Architecture] Making self-contained access tokens the default > in APIM 3.0 > > Hi, > > With the introduction of the Microgateway self-contained access tokens > were supported in the API Manager since version 2.5. Self-contained access > tokens however were only s

Re: [Architecture] Making self-contained access tokens the default in APIM 3.0

2019-09-23 Thread Ashish Sharma
To: architecture Subject: [Architecture] Making self-contained access tokens the default in APIM 3.0 Hi, With the introduction of the Microgateway self-contained access tokens were supported in the API Manager since version 2.5. Self-contained access tokens however were only supported

Re: [Architecture] Making self-contained access tokens the default in APIM 3.0

2019-08-26 Thread Dushan Abeyruwan
Can we expect APIM 3.0.0 milestone to be released with the token revocation feature? That's where some key business end-users relying on business functions when and if they decided to migrate. I know you have mentioned that Opaque tokens will still be supported as before, but I felt the user

Re: [Architecture] Making self-contained access tokens the default in APIM 3.0

2019-08-25 Thread Ishara Cooray
Hi, 4) Back-end JWTs will be included in as part of the access token itself (self-contained). This eliminates the need of creating back-end JWTs while the API request is being processed. Which in turn makes APIs calls much faster. Only concern, this might lead the header to become very large. In

Re: [Architecture] Making self-contained access tokens the default in APIM 3.0

2019-08-21 Thread Nuwan Dias
On Wed, 21 Aug 2019 at 10:57 pm, Manjula Rathnayake wrote: > Hi Nuwan, > > Can the same API gateway handle both self-contained and opaque tokens? > Yes it can. The gateway needs to be connected to the key manager if it is expected to validate opaque tokens. > > How does the API consumption

Re: [Architecture] Making self-contained access tokens the default in APIM 3.0

2019-08-21 Thread Nuwan Dias
On Wed, 21 Aug 2019 at 1:21 pm, Asela Pathberiya wrote: > > > On Tue, Aug 20, 2019 at 2:37 PM Nuwan Dias wrote: > >> Hi, >> >> With the introduction of the Microgateway self-contained access tokens >> were supported in the API Manager since version 2.5. Self-contained access >> tokens however

Re: [Architecture] Making self-contained access tokens the default in APIM 3.0

2019-08-21 Thread Manjula Rathnayake
Hi Nuwan, Can the same API gateway handle both self-contained and opaque tokens? How does the API consumption work? Does the application need to invoke both the KM and gateway endpoints to refresh/revoke and invoke the APIs? Thank you. On Wed, Aug 21, 2019 at 1:21 PM Asela Pathberiya wrote:

Re: [Architecture] Making self-contained access tokens the default in APIM 3.0

2019-08-21 Thread Asela Pathberiya
On Tue, Aug 20, 2019 at 2:37 PM Nuwan Dias wrote: > Hi, > > With the introduction of the Microgateway self-contained access tokens > were supported in the API Manager since version 2.5. Self-contained access > tokens however were only supported in the Microgateway so far. The regular > gateway