wso2 api manager one consumer many clients
Question
Currently, I have a running application with a bunch of customers and custom servlet API.
To have a possibility to integrate my app with app of my partner I need to implement REST API and OAuth 2.0 flow. And am on my way to integrate WSO2 API manager in my environment for these needs.
Desired flow is on the picture - api flow
And to say it verbally:
- User already registered in my APP
- User registers on partner's APP
- In order to use services of my app user is required to authorise himself on my app (oauth 2.0 authorization code flow is used) from partners app
- Partners app can interact with my app via REST interface with help of user access token.
Is there possibility to register only one consumer on WSO2 API Manager side (My Partners app) and provide client secret and password only to my Partner, but not to each user?
Currently, I have one registered consumer to provide tests. And each time when I make requests for authorization code for this test consumer with it's client secrets - I receive the same code.
From this behavior, I understand that it is needed to issue client secrets on API manager side for each end user and not just for partners App. achieve.
1 answers
solution1
0 2016-03-01 15:11:57
For Oauth 2.0 authorization code flow it is needed to provide only one client_id and client secret for partner.
In order to authorize end users at WSO2 API manager side and provide unique access_token's for end users - WSO2 API manager should have access to the User table of database. In the User table there are login/encrypted_password values for end users are stored.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.