
List:       wsf-c-dev
Subject:    Re: [Dev] Need a clarification on APIM resource Auth Type functionality.
From:       Sewmini Jayaweera <sewmini () wso2 ! com>
Date:       2015-03-31 6:20:12
Message-ID: CAB=RqMX-78TMsQyn19uGE5kqTN2HiHOmygO1dG3125u9-p9mtg () mail ! gmail ! com

Hi Amila and Sanjeewa,

Thank you for the clarifications.

Best Regards,

Sewmini Jayaweera
*Software Engineer - QA Team*
Mobile: +94 (0) 773 381 250
sewmini@wso2.com

On Tue, Mar 31, 2015 at 11:23 AM, Sanjeewa Malalgoda <sanjeewa@wso2.com>
wrote:

> If application owner requested user token for his own application he will
> get application token instead of user token.
> So you may consider as application owner and token will be application
> token.
> Then you may not be able to access resource specified with application
> user access level.
> And application owner accessing APIs as application user is very rare in
> real use cases.
> 
> Thanks,
> sanjeewa.
> 
> On Tue, Mar 31, 2015 at 11:18 AM, Sewmini Jayaweera <sewmini@wso2.com>
> wrote:
> 
> > Hi Amila,
> > 
> > Once we have specified resource auth type as 'application user', can
> > application owner invoke token API, get an access token and invoke the
> > particular resource? In that scenario application owner will also be
> > considered as another application user and should be able to invoke the
> > resource, is it?
> > 
> > Sewmini Jayaweera
> > *Software Engineer - QA Team*
> > Mobile: +94 (0) 773 381 250
> > sewmini@wso2.com
> > 
> > On Tue, Mar 31, 2015 at 10:59 AM, Amila De Silva <amilad@wso2.com> wrote:
> > 
> > > Hi Sewmini,
> > > 
> > > On Tue, Mar 31, 2015 at 10:39 AM, Sewmini Jayaweera <sewmini@wso2.com>
> > > wrote:
> > > 
> > > > Hi,
> > > > 
> > > > When adding an API in the manage stage user has an option to set an
> > > > auth type for each resource [1].
> > > > 
> > > > Below I have mentioned the auth types available and the functionality
> > > > of auth types as I understood:
> > > > 
> > > > 1. *Application* - once resource is given application auth type
> > > > only the access token of the application owner can be used to access the
> > > > particular resource.
> > > > 
> > > Once a resource is given Application auth type, it can only be accessed
> > > by an Application Access Token. If the Application Creator gets a token
> > > through the store UI, then the token becomes an Application Access Token.
> > > But if the same user gets it by calling token API, token is considered as a
> > > User Token.
> > > 
> > > > 
> > > > 2. *Application user* - Any registered user other *than application
> > > > owner* can generate access token using consumer key and secret of
> > > > the application and particular user's user credentials and can invoke
> > > > resource using the access token.
> > > > 3. *None* - No access tokens are required in order to access
> > > > resources having non auth type.
> > > > 
> > > > Can someone please tell me whether above mentioned functionality is
> > > > correct, if so in a scenario where resource is given 'application user'
> > > > auth type why can't application owner act as an application user ?
> > > > 
> > > > [1]
> > > > https://docs.wso2.com/download/attachments/41747085/API-resources.png?version=1&modificationDate=1410272431000&api=v2
> > > >  
> > > > Thanks & Regards,
> > > > Sewmini
> > > > 
> > > > 
> > > > Sewmini Jayaweera
> > > > *Software Engineer - QA Team*
> > > > Mobile: +94 (0) 773 381 250
> > > > sewmini@wso2.com
> > > > 
> > > 
> > > 
> > > 
> > > --
> > > *Amila De Silva*
> > > 
> > > WSO2 Inc.
> > > mobile :(+94) 775119302
> > > 
> > > 
> > 
> 
> 
> --
> 
> *Sanjeewa Malalgoda*
> WSO2 Inc.
> Mobile : +94713068779
> 
> blog: http://sanjeewamalalgoda.blogspot.com/
> 
> 
> 


_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

