From: Udara Liyanage
Date: Wed, 12 Aug 2015 09:15:11 +0530
Subject: Re: Use signed JWT token for rest api authentication
To: dev

Hi Imesh,

I think we can add OAuth authentication for Stratos API. A user first obtains a token and then provides that token for subsequent API calls. AFAIR we have discussed this earlier too.

On Wed, Aug 12, 2015 at 9:12 AM, Imesh Gunaratne wrote:

> If another system (say A) is talking to Stratos via the REST API, we might
> need to check how this workflow starts from A. It may either start by
> prompting the user to log in or as a result of a background job.
>
> If it's the first case, then the system A should have some form of a token
> or user credentials to talk to Stratos. Otherwise a system user needs to be
> used to talk to Stratos.
>
> On Tue, Aug 11, 2015 at 1:57 PM, Udara Liyanage wrote:
>
>> Hi Anuruddha,
>>
>> A similar scenario came up when we created an OAuth token at application
>> creation. AS needed to call IS in order to create the token. There we
>> overcame this by using a JWT authenticator which validates the username.
>> However, you cannot access the Stratos API using that authentication.
>>
>> On Tue, Aug 11, 2015 at 1:22 PM, Anuruddha Premalal <anuruddhapremalal@gmail.com> wrote:
>>
>>> Hi Udara,
>>>
>>> I need to call the Stratos REST API from a WSO2 server component as
>>> tenant admin. We can get the tenant username; however, we cannot get the
>>> password. Have you encountered this kind of use case before? Is there an
>>> existing way to achieve this?
>>>
>>> Thanks,
>>> Anuruddha.
>>>
>>> On Tue, Aug 11, 2015 at 12:35 PM, Udara Liyanage wrote:
>>>
>>>> Hi Anuruddha,
>>>>
>>>> AFAIK you cannot use a JWT token for REST API access. JWT tokens are
>>>> used in two places:
>>>>
>>>> 1) For metadata API access
>>>> 2) A JWT authenticator is used for Stratos-Identity Server
>>>> communication.
>>>>
>>>> Could you please explain your requirement in more detail so we can
>>>> point you to extension places.
>>>>
>>>> On Tue, Aug 11, 2015 at 12:28 PM, Anuruddha Premalal <anuruddhapremalal@gmail.com> wrote:
>>>>
>>>>> Hi Devs,
>>>>>
>>>>> Is it possible to invoke the Stratos REST API using a signed JWT token
>>>>> instead of BasicAuth? Does this come OOB? If not, is there any extension
>>>>> point provided for a custom authentication handler?
>>>>>
>>>>> Regards,
>>>>> --
>>>>> *Anuruddha Premalala (MIEEE)
>>>>> Mobile : +94710461070
>>>>> E-mail : anuruddhapremalal@gmail.com
>>>>> web : www.regilandvalley.com
>>>>> Sri Lanka.*
>>>>
>>>> --
>>>> Udara Liyanage
>>>> Software Engineer
>>>> WSO2, Inc.: http://wso2.com
>>>> lean. enterprise. middleware
>>>>
>>>> web: http://udaraliyanage.wordpress.com
>>>> phone: +94 71 443 6897
>>>
>>> --
>>> *Anuruddha Premalala (MIEEE)
>>> Mobile : +94710461070
>>> E-mail : anuruddhapremalal@gmail.com
>>> web : www.regilandvalley.com
>>> Sri Lanka.*
>>
>> --
>> Udara Liyanage
>> Software Engineer
>> WSO2, Inc.: http://wso2.com
>> lean. enterprise. middleware
>>
>> web: http://udaraliyanage.wordpress.com
>> phone: +94 71 443 6897
>
> --
> Imesh Gunaratne
>
> Senior Technical Lead, WSO2
> Committer & PMC Member, Apache Stratos

--
Udara Liyanage
Software Engineer
WSO2, Inc.: http://wso2.com
lean. enterprise. middleware

web: http://udaraliyanage.wordpress.com
phone: +94 71 443 6897
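
The pattern discussed in this thread, where a trusted server component asserts the tenant username in a signed token so that it never needs the tenant password, is sketched below as an added example; it is not Stratos or WSO2 code. It uses HS256 with a shared key from the Python standard library as a stand-in for whatever signature scheme a deployment uses, and the key, issuer and audience values are constructed.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values for illustration; not Stratos or WSO2 configuration.
SHARED_KEY = b"constructed-demo-key"
TRUSTED_ISSUER = "wso2-server-component"  # hypothetical caller identity
AUDIENCE = "stratos-rest-api"  # hypothetical audience value

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(username, key=SHARED_KEY, ttl=300, now=None):
    """Caller side: assert a tenant username without holding its password."""
    now = int(time.time()) if now is None else now
    claims = {"iss": TRUSTED_ISSUER, "aud": AUDIENCE, "sub": username, "exp": now + ttl}
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = head + "." + b64url(json.dumps(claims).encode())
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def authenticate(token, key=SHARED_KEY, now=None):
    """API side: return the asserted username or raise ValueError."""
    now = int(time.time()) if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
        sig = b64url_decode(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm on the server; never let the token choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    if not isinstance(claims, dict) or (claims.get("iss"), claims.get("aud")) != (TRUSTED_ISSUER, AUDIENCE):
        raise ValueError("wrong issuer or audience")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("token expired")
    if not isinstance(claims.get("sub"), str):
        raise ValueError("missing subject")
    return claims["sub"]
```

The short lifetime and the issuer and audience checks limit what a captured token can be replayed against; the username is trusted only because the signature verifies under a key the API already holds.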