stratos-dev mailing list archives

From Anuruddha Premalal <anuruddhaprema...@gmail.com>
Subject Re: Use signed JWT token for rest api authentication
Date Wed, 12 Aug 2015 04:32:41 GMT
Hi Imesh, Udara,

Thanks for the input. Actually this use case was solved previously using
MutualSSL authentication [1]. Here I just want to send the username and a
dummy password in BasicAuth header. IMO this is a hack to achieve the task.

In my use case I am creating applications as tenant admin and don't have
access to the tenant password, because it's a security risk to expose passwords.
I too agree with Udara on using an OAuth token for the API, which is more
secure and standard.

[1]
https://github.com/wso2/product-private-paas/commit/70c78d1aa3ea100d632f24a9162a9e54d44608f9


On Wed, Aug 12, 2015 at 9:15 AM, Udara Liyanage <udara@wso2.com> wrote:

> Hi Imesh,
>
> I think we can add OAuth authentication for the Stratos API. A user first
> obtains a token and then provides that token for subsequent API calls. AFAIR
> we have discussed this earlier too.
>
> On Wed, Aug 12, 2015 at 9:12 AM, Imesh Gunaratne <imesh@apache.org> wrote:
>
>> If another system (say A) is talking to Stratos via the REST API, we
>> might need to check how this workflow starts from A. It may either start
>> by prompting the user to login or as a result of a background job.
>>
>> If it's the first case then the system A should have some form of a token
>> or user credentials to talk to Stratos. Otherwise a system user needs to be
>> used to talk to Stratos.
>>
>> On Tue, Aug 11, 2015 at 1:57 PM, Udara Liyanage <udara@wso2.com> wrote:
>>
>>> Hi Anuruddha,
>>>
>>> A similar scenario came up when we create an OAuth token during application
>>> creation. AS needed to call IS in order to create the token. There we
>>> overcame this by using a JWT authenticator which validates the username.
>>> However, you cannot access the Stratos API using that authentication.
>>>
>>> On Tue, Aug 11, 2015 at 1:22 PM, Anuruddha Premalal <
>>> anuruddhapremalal@gmail.com> wrote:
>>>
>>>> Hi Udara,
>>>>
>>>> I need to call the Stratos REST API from a WSO2 server component as
>>>> tenant admin. We can get the tenant username; however, we cannot get the
>>>> password. Have you encountered this kind of use case before? Is there an
>>>> existing way to achieve this?
>>>>
>>>> Thanks,
>>>> Anuruddha.
>>>>
>>>> On Tue, Aug 11, 2015 at 12:35 PM, Udara Liyanage <udara@wso2.com>
>>>> wrote:
>>>>
>>>>> Hi Anuruddha,
>>>>>
>>>>> AFAIK you cannot use a JWT token for REST API access. JWT tokens are
>>>>> used in two places:
>>>>>
>>>>> 1) For metadata API access
>>>>> 2) A JWT authenticator is used for Stratos - Identity Server
>>>>> communication.
>>>>>
>>>>> Could you please explain your requirement in more detail so we can
>>>>> point you to extension places.
>>>>>
>>>>> On Tue, Aug 11, 2015 at 12:28 PM, Anuruddha Premalal <
>>>>> anuruddhapremalal@gmail.com> wrote:
>>>>>
>>>>>> Hi Devs,
>>>>>>
>>>>>> Is it possible to invoke the Stratos REST API using a signed JWT token
>>>>>> instead of BasicAuth? Does this come OOB? If not, is there any extension
>>>>>> point provided for a custom authentication handler?
>>>>>>
>>>>>> Regards,
>>>>>> --
>>>>>> Anuruddha Premalala (MIEEE)
>>>>>> Mobile : +94710461070
>>>>>> E-mail : anuruddhapremalal@gmail.com
>>>>>> web : www.regilandvalley.com
>>>>>> Sri Lanka.
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> Udara Liyanage
>>>>> Software Engineer
>>>>> WSO2, Inc.: http://wso2.com
>>>>> lean. enterprise. middleware
>>>>>
>>>>> web: http://udaraliyanage.wordpress.com
>>>>> phone: +94 71 443 6897
>>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>>
>> --
>> Imesh Gunaratne
>>
>> Senior Technical Lead, WSO2
>> Committer & PMC Member, Apache Stratos
>>
>
>
>
>



--
Anuruddha Premalala (MIEEE)
Mobile : +94710461070
E-mail : anuruddhapremalal@gmail.com
web : www.regilandvalley.com
Sri Lanka.

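As an added example (not code from this thread, from Stratos or from WSO2), here is the check a custom REST API authentication handler would perform on a signed JWT, so the caller's identity comes from a verified signature and expiry rather than from a username paired with a dummy BasicAuth password. It assumes an HS256 shared secret and the claim names `sub`, `tenant` and `exp`, all chosen for the example; Python is used for brevity.

```python
import base64
import hashlib
import hmac
import json

# Constructed, hypothetical secret shared by the calling component and the
# API-side handler; not a value from the thread.
SHARED_SECRET = b"constructed-demo-secret-do-not-reuse"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(username: str, tenant: str, ttl: int, now: int,
                secret: bytes = SHARED_SECRET) -> str:
    """Create an HS256-signed JWT whose claims identify the calling user."""
    header = json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":"))
    claims = json.dumps({"sub": username, "tenant": tenant,
                         "iat": now, "exp": now + ttl}, separators=(",", ":"))
    signing_input = b64url_encode(header.encode()) + "." + b64url_encode(claims.encode())
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def authenticate(token: str, now: int, secret: bytes = SHARED_SECRET):
    """Return the verified claims, or None if the request must be rejected."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, claims_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(claims_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:  # bad base64, bad JSON or bad UTF-8
        return None
    # Pin the algorithm on the server side; the token must not choose it.
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{header_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None  # signature does not cover these claims: username untrusted
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        return None  # expired or missing expiry
    if not claims.get("sub"):
        return None
    return claims
```

The handler only needs the verifying key, never the tenant admin's password, which is the property the dummy-password approach was trying to approximate.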