WSO2 API Manager 2.0 User Class extension - wso2

We've deployed WSO2 API Manager 2.0 and are very happy with it.
However, we've been looking in the documentation for whether it is possible to add a field to the user profile but haven't found anything yet. Is this at all possible? Also, if it is possible, can we show the field somewhere on the frontend? Or better yet, is it possible to send it to a backend web service?
Our problem is that we have a backend with users that have a token, but we didn't want to send that token to the API Manager; we want it to be added without bothering the user. Is this at all possible? We know about sequence mediation and this can probably be achieved with it; the only complication is where we store the user token for each user.
Thanks in advance!
Best Regards

You can introduce new user attributes to user profiles. APIM uses WSO2 Identity Server features internally, so you can refer to this doc.
If you enable the Supported by Default property, it will be shown in the user profile.
You can use JWT to send user claims to the backend. You can find the docs here.
The last part is not very clear to me.
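As an added illustration (not code from the answer or from WSO2), this is how a backend service could consume the user claims that API Manager forwards in the JWT, trusting the custom claim only after checking the signature and expiry. The real gateway signs the token with its RSA key (RS256) and sends it in the X-JWT-Assertion header; for a self-contained run this example signs a constructed sample token with HMAC-SHA256 instead, and the claim URI http://wso2.org/claims/backendtoken is an assumed name for the custom profile field.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Assumed custom claim URI; a real deployment uses whatever claim URI
# was mapped to the new profile field in the Identity Server claim config.
BACKEND_TOKEN_CLAIM = "http://wso2.org/claims/backendtoken"


def _b64url_decode(data: str) -> bytes:
    padding = "=" * (-len(data) % 4)
    return base64.urlsafe_b64decode(data + padding)


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_sample_assertion(claims: dict, key: bytes) -> str:
    """Build a constructed sample token shaped like the one the gateway
    forwards. HS256 is used here only so the demo runs offline."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def extract_backend_token(assertion: str, key: bytes, now: Optional[float] = None) -> Optional[str]:
    """Return the custom claim, or None if the token is malformed, unsigned,
    signed with the wrong key/algorithm, or expired."""
    try:
        header_b64, payload_b64, sig_b64 = assertion.split(".")
        header = json.loads(_b64url_decode(header_b64))
        if header.get("alg") != "HS256":  # pin the algorithm; never accept "none"
            return None
        signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
        expected = hmac.new(key, signing_input, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(payload_b64))
    except (ValueError, AttributeError):
        return None
    current = now if now is not None else time.time()
    if claims.get("exp", 0) <= current:  # missing exp is treated as expired
        return None
    return claims.get(BACKEND_TOKEN_CLAIM)
```

In production the HMAC check is replaced by RSA signature verification against the gateway's public certificate (for example with PyJWT), and a request whose assertion fails any check is treated as unauthenticated rather than falling back to the claim values.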

Related

Flask authentication. How to inform the server of the user logged in on the client

I am creating a Flask app to be used internally in my company. I would like to restrict what a user can do based on their login ID. I read a lot about using LDAP3 but I don't think I can do what I want, which is to send the login ID to the server. There I would have a table which registers which part of the system each user has permission to edit. If they try to change something not permitted, the app will retrieve a warning message.
I want to do that to avoid having to create a separate login functionality just for this app. I read that I should use AD authentication but I am not very familiar with that and I would also like to avoid having to ask our IT department to create user groups there for each part of my system.
I know that I can do that using ASP.NET (at least I did once).
Any guidance will be appreciated.
I think you are looking for Role-based Authorization.
In order to use this functionality you will need to implement roles on your model file per the Data-models documentation.
This will allow you to assign users a role when they are created, and you can use a decorator on your routes to 'require' the user to have the role you want them to have before they access the endpoint.

Migrating existing Login flow using Instagram Legacy API to the new Instagram Basic graph API

Our application (which has kind of become legacy) has been using the IG API to authorize users (by using the uid attribute returned from IG's callback API response) and we have left email as an optional param (safe to assume that there are many users in the application database without email IDs persisted).
With the new Instagram Basic Display API (as advised), it's mentioned to use Facebook Login for authentication purposes. But I am facing a major problem of identifying existing users now (since the uid will be different).
Also I have a doubt about what will happen for users who have an Instagram account without linking their Facebook account to it.
I could not find a proper explanation or a documentation for seamless migration for my situation.
Please help with sharing the right resource or guidance to achieve the same.

Is the WSO2 IS admin REST API Postman collection available to the public?

I am trying to create a new interface for WSO2 IS for my specific requirement. I only need some specific functionalities (add user, add roles etc.) from WSO2. I went through several documents on the WSO2 website and found:
this document
this post
but never got a complete documentation.
Is it possible to get the postman collections for the same?
The documentation you have referred to is relevant to the admin services for user and role management. They are implemented using SOAP. But since you have some basic requirements such as add user, delete user and add roles, you can use the SCIM2 REST APIs [1][2].
[1] https://docs.wso2.com/display/IS570/Using+the+SCIM+2.0+REST+APIs
[2] https://medium.com/#vindulajayawardana/scim-2-0-api-for-wso2-identity-server-5-3-0-fc5dcaad9e44

WSO2 - Get active sessions for user

We are using WSO2 for authentication (SAML/SSO).
I don't know how to tell if a user is already logged in (in order to prevent concurrent logins). Other SO questions have indicated this is possible to know both with WSO2 IS Analytics and without. I would prefer not to have to run WSO2 IS Analytics as well (this is alluded to here, but never clarified). Further, I can see the IDN_AUTH_SESSION_STORE table being populated and referred to during login, but that is using SESSION_ID (which is passed by the commonAuth cookie).
So I'm looking for a direct answer to this question: during the Auth flow, how can we tell if the given user is already logged in?
Without using the analytics, querying logged-in user sessions by user is not supported out of the box in WSO2 Identity Server. Let me explain why.
When a user authenticates with the WSO2 Identity Server, a session is created. These sessions are stored as session context objects, against the commonAuthId cookie in the WSO2 implementation. Information about the logged-in user is inside these session objects. Therefore, if we want to get the session for a particular user, we have to query all active sessions and go through them one by one, matching the user.
As an alternative, you can write a custom data publisher module which persists session data against each user and then you can use these data to prevent concurrent logins. I have a blog post written for this exact use case.
Hope this helps.

Tastypie/Mongoengine Authentication

I'm creating a REST API for an iOS app, using Django, Tastypie and Mongoengine/MongoDB. I'm using python-social-auth to allow users to register via Facebook and it seems to be working perfectly.
What I'm struggling with is what happens next: when the user makes subsequent calls to the API, what credentials should be passed with the request? I'm thinking that when the user is saved, I should generate an API key and send it back, which the user would then use to authenticate in subsequent requests. Would that be the correct approach and, if so, how would that be implemented?
I can't seem to find any info/examples for non-ORM.
Any help/nudge in the right direction would be greatly appreciated! Thanks!