Re: [Dev] Enable client_id and client_secret based authentication to Introspection endpoint

2019-03-12 Thread Pubudu Gunatilaka
Hi Isuranga,

On Tue, Mar 12, 2019 at 12:30 PM Isuranga Perera wrote:

> Hi all
>
> I'm working on the improvement of client authentication for OAuth2
> Introspection endpoint[1]. Currently, it supports authentication via basic
> authentication and bearer token authentication.
>
> In this improvement, we're going to introduce authentication via client ID
> and secret.
>

Does any valid client ID and secret in the system do the authentication, or
does it have to be the relevant token's client ID and secret?

Thank you!
-- 
*Pubudu Gunatilaka*
Committer and PMC Member - Apache Stratos
Associate Technical Lead
WSO2, Inc.: http://wso2.com
mobile : +94774078049
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


Re: [Dev] Enable client_id and client_secret based authentication to Introspection endpoint

2019-03-12 Thread Farasath Ahamed
On Tue, Mar 12, 2019 at 7:45 AM Ruwan Abeykoon wrote:

> Hi Isuranga,
> We can add an additional header to make this authenticator engaged, e.g. [1]
>

+1 to use a custom header.


> Better not tie up the authenticator to the hardcoded
> path "INTROSPECTION_URI"
>
>
> [1]
> https://www.ibm.com/support/knowledgecenter/en/SSMNED_2018/com.ibm.apic.apionprem.doc/oauth_introspection.html
>
> Cheers,
> Ruwan
>
>
> On Tue, Mar 12, 2019 at 12:30 PM Isuranga Perera 
> wrote:
>
>> Hi all
>>
>> I'm working on the improvement of client authentication for OAuth2
>> Introspection endpoint[1]. Currently, it supports authentication via basic
>> authentication and bearer token authentication.
>>
>> In this improvement, we're going to introduce authentication via client
>> ID and secret.
>>
>> But the problem with this approach is that both basic authentication and
>> the $subject have the same authorization header. Because of this,
>> incoming requests have to go through both the basic authentication handler
>> and the $subject authentication handler, which results in additional overhead.
>>
>> The current implementation is as follows[2]. Please provide your insight
>> on the $subject.
>>
>> [1] https://github.com/wso2/product-is/issues/4314
>> [2] https://github.com/wso2-extensions/identity-carbon-auth-rest/pull/67
>>
>> Best Regards
>> Isuranga Perera
>>
>
>
> --
>
> *Ruwan Abeykoon*
> *Associate Director/Architect,*
> *WSO2, Inc. http://wso2.com*
> *lean.enterprise.middleware.*
>
>


-- 
Farasath Ahamed
Senior Software Engineer, WSO2 Inc.; http://wso2.com
Mobile: +94777603866
Blog: blog.farazath.com
Twitter: @farazath619 



Re: [Dev] Enable client_id and client_secret based authentication to Introspection endpoint

2019-03-12 Thread Ruwan Abeykoon
Hi Isuranga,
We can add an additional header to make this authenticator engaged, e.g. [1]

Better not tie up the authenticator to the hardcoded
path "INTROSPECTION_URI"


[1]
https://www.ibm.com/support/knowledgecenter/en/SSMNED_2018/com.ibm.apic.apionprem.doc/oauth_introspection.html

Cheers,
Ruwan


On Tue, Mar 12, 2019 at 12:30 PM Isuranga Perera wrote:

> Hi all
>
> I'm working on the improvement of client authentication for OAuth2
> Introspection endpoint[1]. Currently, it supports authentication via basic
> authentication and bearer token authentication.
>
> In this improvement, we're going to introduce authentication via client ID
> and secret.
>
> But the problem with this approach is that both basic authentication and
> the $subject have the same authorization header. Because of this,
> incoming requests have to go through both the basic authentication handler
> and the $subject authentication handler, which results in additional overhead.
>
> The current implementation is as follows[2]. Please provide your insight
> on the $subject.
>
> [1] https://github.com/wso2/product-is/issues/4314
> [2] https://github.com/wso2-extensions/identity-carbon-auth-rest/pull/67
>
> Best Regards
> Isuranga Perera
>


-- 

*Ruwan Abeykoon*
*Associate Director/Architect,*
*WSO2, Inc. http://wso2.com*
*lean.enterprise.middleware.*
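
The header-based engagement suggested in the message above, sketched as an added example (not code from this thread or from WSO2): the header name `X-Client-Auth`, the credential stores, and all class and function names are assumptions. Both credential types arrive as `Authorization: Basic`, and the extra header, not the request path, decides which single handler validates them.

```python
import base64
import hmac

# Constructed sample stores; every name here is hypothetical, not a WSO2 API.
USERS = {"admin": "admin-pass"}
CLIENTS = {"app1": "s3cret"}
CLIENT_AUTH_HEADER = "X-Client-Auth"  # hypothetical opt-in header

def basic_header(ident, secret):
    return "Basic " + base64.b64encode(f"{ident}:{secret}".encode()).decode()

def parse_basic(headers):
    """Decode 'Authorization: Basic ...' into (id, secret), or None."""
    scheme, _, blob = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        ident, sep, secret = base64.b64decode(blob, validate=True).decode().partition(":")
    except ValueError:  # bad base64 or bad UTF-8
        return None
    return (ident, secret) if sep else None

class Handler:
    def __init__(self, name, store, wants_client_header):
        self.name, self.store, self.wants = name, store, wants_client_header

    def can_handle(self, headers):
        # Engage on the header alone, not on a hard-coded endpoint path.
        flagged = headers.get(CLIENT_AUTH_HEADER) == "true"
        return flagged == self.wants and parse_basic(headers) is not None

    def authenticate(self, headers):
        ident, secret = parse_basic(headers)
        expected = self.store.get(ident)
        # Constant-time comparison of the presented and stored secret.
        return expected is not None and hmac.compare_digest(expected.encode(), secret.encode())

HANDLERS = [Handler("basic-user", USERS, False),
            Handler("client-credential", CLIENTS, True)]

def authenticate(headers):
    """Return (handler_name, ok); exactly one handler validates the request."""
    engaged = [h for h in HANDLERS if h.can_handle(headers)]
    if len(engaged) != 1:
        return (None, False)
    return (engaged[0].name, engaged[0].authenticate(headers))
```

The header only selects the handler; a request whose credentials fail in the selected store is rejected without being retried against the other one.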


[Dev] Enable client_id and client_secret based authentication to Introspection endpoint

2019-03-12 Thread Isuranga Perera
Hi all

I'm working on the improvement of client authentication for OAuth2
Introspection endpoint[1]. Currently, it supports authentication via basic
authentication and bearer token authentication.

In this improvement, we're going to introduce authentication via client ID
and secret.

But the problem with this approach is that both basic authentication and
the $subject have the same authorization header. Because of this,
incoming requests have to go through both the basic authentication handler
and the $subject authentication handler, which results in additional overhead.

The current implementation is as follows[2]. Please provide your insight on
the $subject.

[1] https://github.com/wso2/product-is/issues/4314
[2] https://github.com/wso2-extensions/identity-carbon-auth-rest/pull/67

Best Regards
Isuranga Perera