
WSO2 API manager OAuth token validations

I have installed the WSO2 API manager and secured my backend REST service with OAuth2.

Here is my setup:

IP1: WSO2 API manager using the default inbuilt key manager. I have published my API here.

IP2: Resource server is running here.

I have a simple client application which talks to the key manager to get the access token and creates a successful call to the published API in API manager. Here the API manager validates the token before sending the request to my resource server.

I am looking for the following configuration. Is this possible?

  1. Application will talk to API manager only for generating the token
  2. Application will make a direct request to Resource server with the token
  3. Resource server needs to validate the token with Auth server.

I do see an explanation in WSO2 Identity Server where they suggested using a SOAP-based mechanism to validate the token. However, I am not able to get how we can achieve this.

Can someone please clarify what changes need to be done on the resource server and API manager to get the above flow? As I use API manager only for token generation, does going only to Identity Server make more sense?

Let me explain the use of API Manager first.

API Manager is used to provide a layer of additional functionality for your APIs, such as authorization, throttling and other QoS stuff.

So the basic idea is that you publish your API in WSO2 API Manager and it takes care of the authorization part for your API. So when a client tries to access your API via API Manager, API Manager makes sure only authorized clients are allowed to access the API.

So from your requirements, it seems that you want to do the authorization at the resource server. In that case there is no point using API Manager only for the purpose of token generation.

Instead, you should use WSO2 Identity Server. Your API Client can call the token endpoint of Identity Server to generate the token and send it in the API request. You can find more details about OAuth2 with WSO2 Identity Server here.

Then at the resource you can validate the access token. With IS 5.3.0, there are two ways to validate a token: OAuth2 Introspection Endpoint and a SOAP service. You can find more details here.
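A sketch of the introspection route mentioned in the answer, as an added example that is not part of the original post: the resource server posts the bearer token to an RFC 7662 introspection endpoint and denies the request unless the reply explicitly marks the token active, unexpired and correctly scoped. The endpoint URL, the Basic credentials and the scope name are placeholders assumed for illustration; take the real values from your Identity Server deployment.

```python
import base64, json, time, urllib.parse, urllib.request

def build_introspection_request(url, token, user, password):
    """RFC 7662 request: form-encoded POST, caller authenticated with HTTP Basic."""
    body = urllib.parse.urlencode({"token": token}).encode()
    cred = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(url, data=body, method="POST", headers={
        "Authorization": "Basic " + cred,
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json"})

def is_authorized(claims, required_scope, now=None):
    """Fail closed: only active=true (a real boolean), unexpired, in-scope tokens pass."""
    if not isinstance(claims, dict) or claims.get("active") is not True:
        return False
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if exp is not None and (not isinstance(exp, (int, float)) or exp <= now):
        return False
    # scope is a space-separated list; match whole entries, never substrings
    return required_scope in str(claims.get("scope", "")).split()

def validate_token(url, token, user, password, required_scope,
                   opener=urllib.request.urlopen):
    """Ask the authorization server about the token; any error denies access."""
    try:
        req = build_introspection_request(url, token, user, password)
        with opener(req, timeout=5) as resp:
            claims = json.loads(resp.read().decode())
    except (OSError, ValueError):  # network failure, HTTP error, malformed JSON
        return False
    return is_authorized(claims, required_scope)

if __name__ == "__main__":
    # Constructed sample replies, not captured from a real server
    samples = [{"active": True, "scope": "orders_read", "exp": time.time() + 60},
               {"active": True, "scope": "orders_read", "exp": time.time() - 60},
               {"active": False}]
    for claims in samples:
        print(claims.get("active"), is_authorized(claims, "orders_read"))
```

The `opener` parameter exists so the HTTP call can be replaced in tests; in production leave it at the default and keep TLS certificate verification enabled.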
