#466 - Support different AS for `access_token` validation (other than the one processing API call)
Comments

@duttarnab you can get it from

@duttarnab updated ticket description with

@yuriyz , Q2: If the above understanding is true then why we need

@duttarnab Q2:

@duttarnab after this ticket is implemented can you test following scenario: set up AS1 (protection), AS2 (API call), AS3 (protection), AS4 (API call). Register
Goal is to get confirmation that oxd supports multiple AS's as API calls as well as protection validation.

@yuriyz , Is it a good idea to add Something like:

Yes, we can do this but open separate ticket for it since this improvement is not related to current one.
Done in 4.2
1. Introduce `protect_commands_with_oxd_id: [<oxd id1>, <oxd id2>, ...]` in `oxd-server.yml`. RP can register different clients with different AS. If `protect_commands_with_oxd_id` is not set (or missing) then validation should be performed with the `oxd_id` which performs the API call (as it is now). If it's set then validation should be performed with the `oxd_id` set from configuration.
2. Add support for the `AuthorizationOxdId: <oxd_id>` HTTP header. It should specify exactly one `oxd_id`. If it's missing, then we validate against the API call's `oxd_id` (as it is now), but RP can specify a different `oxd_id` in this header; in this case we: a) validate it's among the `protect_commands_with_oxd_id` array, if not, reject the call. If yes, then go on with validation using the `oxd_id` specified in that header.
3. Remove the `org.gluu.oxd.common.params.HasAccessTokenParams` interface. It was introduced when validation was performed by sockets. Now validation must be performed directly in the `org.gluu.oxd.server.RestResource#validateAccessToken` method.
4. Add step-by-step documentation on how to perform validation with a different AS.
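The `oxd_id` selection rule from items 1 and 2, as an added Python model (not oxd's own Java code): it assumes the header name is matched case-insensitively, that an absent `protect_commands_with_oxd_id` allows no header value at all, and that without the header the calling client's `oxd_id` is used even when the list is configured; all `oxd_id` values are constructed samples.

```python
from typing import Mapping, Optional, Sequence

HEADER_NAME = "AuthorizationOxdId"  # header name from the ticket


class ValidationRejected(Exception):
    """The call is rejected before any access_token validation takes place."""


def select_validation_oxd_id(
    api_call_oxd_id: str,                                   # oxd_id of the calling client
    headers: Mapping[str, str],                             # HTTP headers of that call
    protect_commands_with_oxd_id: Optional[Sequence[str]] = None,  # oxd-server.yml list, None if absent
) -> str:
    """Return the oxd_id whose AS the access_token must be validated against."""
    # HTTP header names are case-insensitive, so match on the lowered name (assumption).
    values = [v.strip() for k, v in headers.items() if k.lower() == HEADER_NAME.lower()]

    # Header absent: validate with the calling client's oxd_id, as oxd does today.
    if not values:
        return api_call_oxd_id

    # The header must name exactly one oxd_id; anything else is rejected.
    if len(values) != 1 or not values[0]:
        raise ValidationRejected(f"{HEADER_NAME} must carry exactly one oxd_id")
    requested = values[0]

    # Header present: the oxd_id must be in protect_commands_with_oxd_id, else reject.
    # With the key absent nothing is allowed, so a header value can never be accepted.
    if requested not in set(protect_commands_with_oxd_id or ()):
        raise ValidationRejected(f"oxd_id {requested!r} is not in protect_commands_with_oxd_id")
    return requested


def demo() -> dict:
    """The scenario from the comments: AS2/AS4 serve API calls, AS1/AS3 do protection."""
    protection_ids = ["oxd-as1-protection", "oxd-as3-protection"]  # constructed sample ids
    outcomes = {
        "no_header": select_validation_oxd_id("oxd-as2-api", {}, protection_ids),
        "as1": select_validation_oxd_id(
            "oxd-as2-api", {"AuthorizationOxdId": "oxd-as1-protection"}, protection_ids),
    }
    try:  # an oxd_id outside the configured list is rejected, whatever the header's case
        select_validation_oxd_id("oxd-as4-api", {"authorizationoxdid": "oxd-unknown"}, protection_ids)
        outcomes["unknown"] = "accepted"
    except ValidationRejected:
        outcomes["unknown"] = "rejected"
    return outcomes
```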