
Posts

Showing posts from February, 2017

OAuth 2.0 Dynamic Client Registration with WSO2 Identity Server

This blog post is about OAuth 2.0 Dynamic Client Registration, specified in https://tools.ietf.org/html/rfc7591, and how to register your application with the WSO2 Identity Server dynamically. Before we can use any OAuth service in our application, we first have to discover the end user's OpenID provider using OpenID discovery. Step 1: Discovery. To do that, we must send a request to the OpenID Connect Discovery endpoint specified in https://openid.net/specs/openid-connect-discovery-1_0.html#IssuerDiscovery using WebFinger. WebFinger allows discovery of information about any entity on the Internet that is identified by a URI, using standard HTTP. It returns a JSON object referred to as a JRD (JSON Resource Descriptor). The OpenID Connect Discovery endpoint is https://localhost:9443/.well-known/webfinger. Since we do not have an access token, we can use the admin credentials of the WSO2 Identity Server to send the request, as all endpoints of the Ide

OAuth 2.0 in a Nutshell

Introduction. OAuth 2.0 is creating a lot of hype in the web service and software industry around the globe, and we often hear of IT products and services adopting it. Simply put, "OAuth 2.0 is a protocol that allows distinct parties to share information and resources in a secure & reliable manner." - Charles Bihis (2015), Mastering OAuth 2.0. Nowadays web applications are used very widely for almost every task, but it is difficult to remember separate credentials for each and every application. This is the basic problem OAuth tries to address. The best example is where Instagram allows you to log in to Instagram using your Facebook account; this feature is powered by the OAuth protocol. Before diving deeper into OAuth 2.0, it is important to understand what the following keywords mean. Authentication - validating that a person is who he says he is. Authorization - what actions a person is allowed to perform once he / she has been aut

Mandatory Claims in OAuth 2.0 with Identity Server 5.3.0

When logging in to the Playground2 Sample with the Identity Server (as in the previous blog post, Getting Started with OAuth 2.0 using WSO2 Identity Server 5.3.0 and Playground2 Sample), it prompted for a few claim values again, although those claims were already set in the logged-in user's profile. This blog post provides the steps to take so that the user is not prompted each and every time they log in. This happens because these 2 local claims (http://wso2.org/claims/organization and http://wso2.org/claims/givenname) are not mapped in the OIDC claim dialect, as mentioned in https://docs.wso2.com/display/IS530/Adding+Claim+Mapping. To map them, follow these steps. Select 'List' under 'Claims' in the Main tab of the WSO2 Identity Server Management Console. Next, select the OIDC claim dialect to be mapped from

Getting Started with OAuth 2.0 using WSO2 Identity Server 5.3.0 and Playground2 Sample

This blog post provides step-by-step instructions for trying out OAuth 2.0 using WSO2 Identity Server. Here I use Identity Server 5.3.0, which is the latest released version at the time of this writing. The official documentation for this is available at https://docs.wso2.com/display/IS530/OAuth+2.0+with+WSO2+Playground; however, for a beginner it does not provide all the instructions, such as creating a Service Provider with the necessary configuration. By following the steps below, you can simply set up Identity Server and the playground2 sample webapp and test the entire OAuth 2.0 flow. Creating the Service Provider. The first step is to create a service provider in Identity Server. This is required because when a client application talks to Identity Server via OAuth 2.0, Identity Server has to identify the client and the incoming traffic; we set this configuration inside the service provider. Log in to the Management Console of Identity Server and create a service provi