2
votes

I need to expose some APIs through WSO2 API Manager, but with three important features:

  • Some APIs need 3-legged OAuth access control;
  • The OAuth authentication must be made through an identity provider already configured in WSO2 Identity Server;
  • Need to give the resource owner the ability to manage (list and revoke) subscribed applications

Can anyone give me some tips to achieve this scenario?

1 Answer

0
votes

Configure the three-legged flow with OAuth 1.0a. Refer to http://tharindue.blogspot.com/2015/04/three-legged-oauth-10a-playground_23.html for more details.

If IS as KeyManager is configured on APIManager, Identity Server is the Identity Provider.

When a developer creates an application on the API Manager Store, he has manage permissions for that application. All other subscribers use the key and secret pair and have subscribe permission only.

For additional information:

  • http://wso2.com/library/articles/2016/05/article-the-benefits-of-integrating-wso2-identity-server-with-wso2-api-manager/
  • https://docs.wso2.com/display/IS460/Authorization+Code+Grant+Type+with+API+Manager