Request path authenticators with authorization code grant
In this post I discuss a solution that needs API authentication using the OAuth authorization code grant type, with WSO2 API Manager and WSO2 Identity Server as the Key Manager.
To make things more interesting, I'll discuss how a request path authenticator can be used as the authenticator of the service provider.
It is common practice to use WSO2 Identity Server as the Key Manager of the deployment. One of the most common OAuth use cases there is the authorization code grant type, which provides authentication for a client to access a resource server with a given set of access privileges.
The image above depicts OAuth's authorization code grant type, used to access a resource server on behalf of the resource owner.
Request Path Authenticators
A request path authenticator is a local authenticator. Instead of prompting the identity provider's login page for the resource owner's credentials, it allows the credentials to be carried in the authorization request itself. You can read the WSO2 documentation on request path authenticators, and how one can be engaged for a service provider, at [1].
Now I'm going to combine this OAuth grant type with the request path authenticator to provide the code grant without prompting a login page.
Step 1: Create an API Store application (OAuth application) and generate keys to create the service provider at the Key Manager.
Step 2: Log in to the Key Manager (WSO2 IS) and list the service providers; there you should find the name of the application you created, with the username and the environment appended to it. Click on it and you can configure the request path authenticator that you want to engage as follows.
Step 3: It is more common to engage custom authentication logic in this authentication mechanism, and you can write your own request path authenticator by implementing the "org.wso2.carbon.identity.application.authentication.framework.RequestPathApplicationAuthenticator" interface.
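The flow these steps set up, seen from the client side, as an added example (not code from this post or from WSO2): it builds the authorization request with the resource owner's credentials attached and validates the redirect that carries the code. It assumes the basic-auth request path authenticator is engaged and reads an `Authorization: Basic` header; the host, client id, redirect URI and function names are constructed.

```python
import base64
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed values for illustration; none of them come from the post.
AUTHORIZE_URL = "https://is.example.com:9443/oauth2/authorize"
CLIENT_ID = "constructed-client-id"
REDIRECT_URI = "https://app.example.com/callback"


def build_authorize_request(username, password, state):
    """Return (url, headers, body) for a POST to the authorize endpoint."""
    # Assumption: credentials travel in an HTTP Basic Authorization header,
    # keeping them out of the URL, where logs and history would record them.
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    headers = {
        "Authorization": f"Basic {token}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
    })
    return AUTHORIZE_URL, headers, body


def extract_code(location, expected_state):
    """Validate the redirect's Location header and return the code."""
    got, want = urlsplit(location), urlsplit(REDIRECT_URI)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("redirect does not match the registered redirect_uri")
    params = parse_qs(got.query)
    state = params.get("state", [""])[0]
    # Constant-time comparison of the echoed state with the one we sent.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in redirect")
    return code
```

Because no login page is shown, the client handles the resource owner's password directly, so send the request only over TLS and only from a trusted client.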
[1] https://docs.wso2.com/display/IS530/Request+Path+Authentication