External Identity provider for WSO2 Identity server - wso2

Is it possible to authenticate users with a Facebook account, Google account, Twitter, etc. through OAuth? (In the case of a web application trying to access a protected resource.)
I understood that WSO2 Identity Server can act as an authorization server and provides its own access token, but is it possible to authenticate a user if Facebook or Google provides an access token after the user authorizes retrieving their info?

OAuth is supported in Identity Server, but I doubt whether it is necessary to have two of these authentication servers together :)

Related

How to authenticate and authorize end application users in WSO2 API Manager?

I wanted to do a POC for WSO2 API Manager where API Manager will expose login and registration URLs which will be called by the UI layer, but I wanted to handle end-user authorization and authentication in the API Manager layer and don't want to handle this in the database. How can I do this? I don't want to use Identity Server either.
I have gone through the password grant_type tutorial and we can use this, but how is the authorization going to be performed?
Do we need to maintain user details in a separate database or in Identity Server? If yes, how is this going to happen?
I have gone through the questions below but didn't get an exact solution; please help me with this.
authorize user in wso2 api manager
wso2 api manager end-user
Thanks
> how can I do this? I don't want to use Identity Server either

By default you should be using the provided OAuth2 endpoints to authorize the users. However, the API Manager itself doesn't support self-registration and account verification.
I'd suggest configuring a WSO2 Identity Server as an APIM Key Manager.
WSO2 IS has the capability for self-registration and account verification.
The application or users will authenticate against the WSO2IS and the returned token will be valid for APIM (as the KeyManager shares the database with tokens).

WSO2: How to get user access token by API in a SSO setting environment with API-M and Identity server?

Environment:
WSO2 API-M + WSO2 Identity Server (Key Manager), and they share the same user store.
2 service providers (publisher and store) and 2 identity providers (Google and Facebook) in the carbon.super tenant.
APIM SSO service is enabled and issuer IDs follow above.
Enable OAuth2.0 users (Google and Facebook) to log in.
3 tenants (carbon.super, TA and TB) in the environment.
Publisher SP and Store SP are both in SaaS mode.

Question:
How can a user get his access token by API with his account and password?
I tried to refer to the document: https://docs.wso2.com/display/AM1100/Token+API
but it seems to need a consumer key and secret. Is there another way, without a consumer key pair, to get a user access token?
Thanks
Tom
Yes, you need to have a consumer key/secret pair to get an access token. For user authentication you can use different grant flows (SAML2, Authorization code, etc.), but to verify the client OAuth application you must pass application details (because you can have multiple applications in the system and the OAuth server needs to know which application you are referring to).
Thanks
sanjeewa.
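
The split described in this answer, as an added example that is not part of the original posts: in a password-grant token request the application authenticates with its consumer key/secret in an HTTP Basic header while the user's credentials go in the form body, and the RFC 6749 error code in the reply tells you which of the two was rejected. The endpoint URL, function names and sample credentials are assumptions for illustration.

```python
import base64
import json
from urllib.parse import urlencode
from urllib.request import Request

# Assumed token endpoint of a local test install; adjust to your deployment.
TOKEN_URL = "https://localhost:8243/token"


def build_password_grant_request(consumer_key, consumer_secret,
                                 username, password, token_url=TOKEN_URL):
    """Build (but do not send) an OAuth2 password-grant token request.

    The application is identified by HTTP Basic (consumer key/secret);
    the end user's credentials travel only in the form body.
    """
    pair = f"{consumer_key}:{consumer_secret}".encode()
    basic = base64.b64encode(pair).decode()
    body = urlencode({
        "grant_type": "password",
        "username": username,
        "password": password,
    }).encode()
    return Request(token_url, data=body, method="POST", headers={
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    })


def classify_token_response(status, raw_body):
    """Say which party a token endpoint reply rejected (RFC 6749, section 5.2)."""
    doc = json.loads(raw_body)
    if status == 200 and "access_token" in doc:
        return "ok"
    error = doc.get("error")
    if error == "invalid_client":
        return "application rejected"  # bad or missing consumer key/secret
    if error == "invalid_grant":
        return "user rejected"         # bad username/password
    return f"other: {error}"
```

Send the request only over TLS with certificate verification enabled, since both secrets are recoverable from the wire format.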

How to call wso2 IS web service when using SAML2 SSO authentication

I am trying to call the WSO2 IS web service (i.e. getUserProfile) from the service provider when we are using SAML2 SSO authentication, but I am getting unauthorized access.
Do we get any token that can be used to call the web service after the initial authentication, without passing the credentials or cookies?
This might be a permission problem. Make sure you have enabled login permission for the particular user.
Admin services are secured using common types of security protocols such as HTTP basic authentication, WS-Security username token, and session based authentication.
You can use SAML2SSOAuthenticationService.
Please refer to the sample "How to get a session cookie from a webapp which uses SAML SSO".

Confused about the concept of identity provider and outbound authentication in WSO2 Identity Server

I am a newbie to WSO2 Identity Server 5.0 service pack one.
I've been confused lately about what the difference is between an identity provider and outbound authentication.
How can I use each of them?
If I define a custom user store authentication, when must a custom authentication be used in the authentication endpoint? What is the difference and usage of each of them?
Identity providers provide identities for users to interact with a system. As an example, in WSO2 Identity Server we can configure Facebook as an Identity Provider (IDP). By doing this we can allow users to log in to Service Providers using Facebook credentials. You can follow the blog in [1] to test WSO2 IS with the Facebook IDP. Other than Facebook, we can use Google, Live, Yahoo, etc. as an IDP with IS.
[1] http://prasadtissera.blogspot.com/2014/04/login-with-facebook-for-wso2-identity.html
Thanks

How can we access Facebook/Google APIs after authenticated via Federated Authentication in WSO2 Identity Server 5

In my application I am using Federated Authentication in WSO2 Identity Server 5 to authenticate users using social networks. If the application wants to access their APIs, how can we get the original tokens given by the authentication providers?
Identity Server's authenticators have the necessary tokens in their execution. We can save these tokens to user claims (attributes) by extending the authenticators. After that we can take out these tokens via the claims and use them in our client applications.