Last Updated: Jan. 2014
● WSO2 API Manager is a complete open-source solution for creating and publishing APIs and managing all aspects of their lifecycle.
● Using WSO2 APIM, you can:
  -- Create and publish APIs
  -- Advertise APIs in the storefront
  -- Version APIs
  -- Manage the lifecycle
  -- Monitor and analyze API usage
  -- Implement governance and security
  -- Facilitate community engagement
  -- Provide extension points
https://docs.wso2.com/display/AM190/Introducing+the+API+Manager
Figure: OAuth2 authorization code flow between the End user, the Web app and the OAuth2 Authorization manager. The numbered steps (1-7) in the diagram are: Initial request; authenticate / authorize; Redirect; Authorization code; Token; Protected resource.
Source :- http://wso2.com/library/blog-post/2014/10/blog-post-revamping-wso2-api-manager-key-management-architecture-around-open-standards/
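The flow sketched in the figure above, carried through with both parties' messages, as an added example. This is not code from the page, from the linked blog post or from WSO2; the authorization manager and web app are minimal in-memory models, and every client id, secret, redirect URI, user name and clock value is constructed. It shows the points a key manager has to get right: the code is bound to the client and the registered redirect URI, it is single use and short-lived, and the web app checks its own `state` value before exchanging the code.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

FIXED_NOW = 1_700_000_000  # constructed clock so the example is deterministic


class AuthorizationManager:
    """Authorization server side: registered clients, codes, tokens (model only)."""

    CODE_TTL = 60       # seconds an authorization code stays redeemable
    TOKEN_TTL = 3600

    def __init__(self, now=FIXED_NOW):
        self.now = now
        self.clients = {}   # client_id -> {"secret", "redirect_uri"}
        self.codes = {}     # code -> grant record
        self.tokens = {}    # access token -> token record

    def register_client(self, client_id, secret, redirect_uri):
        self.clients[client_id] = {"secret": secret, "redirect_uri": redirect_uri}

    def authorize(self, client_id, redirect_uri, state, user):
        """Steps 2-4: the user has authenticated and consented; mint a one-time
        code and build the redirect back to the client's registered URI."""
        client = self.clients.get(client_id)
        if client is None or client["redirect_uri"] != redirect_uri:
            raise ValueError("unknown client or redirect_uri not registered")
        code = secrets.token_urlsafe(24)
        self.codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                            "user": user, "expires_at": self.now + self.CODE_TTL,
                            "used": False}
        return redirect_uri + "?" + urlencode({"code": code, "state": state})

    def token(self, client_id, client_secret, code, redirect_uri):
        """Step 5: back-channel exchange of the code for an access token."""
        client = self.clients.get(client_id)
        if client is None or not hmac.compare_digest(client["secret"], client_secret):
            return {"error": "invalid_client"}
        grant = self.codes.get(code)
        ok = (grant is not None and not grant["used"]
              and grant["expires_at"] > self.now
              and grant["client_id"] == client_id
              and grant["redirect_uri"] == redirect_uri)
        if grant is not None:
            grant["used"] = True   # a code is single use, even after a failed attempt
        if not ok:
            return {"error": "invalid_grant"}
        access = secrets.token_urlsafe(32)
        self.tokens[access] = {"user": grant["user"], "client_id": client_id,
                               "expires_at": self.now + self.TOKEN_TTL}
        return {"access_token": access, "token_type": "Bearer",
                "expires_in": self.TOKEN_TTL}

    def protected_resource(self, bearer):
        """Steps 6-7: the resource is served only for a live token."""
        rec = self.tokens.get(bearer)
        if rec is None or rec["expires_at"] <= self.now:
            return None
        return {"owner": rec["user"], "client_id": rec["client_id"]}


class WebApp:
    """Client side: starts the flow and handles the redirect (model only)."""

    def __init__(self, client_id, secret, redirect_uri, manager):
        self.client_id, self.secret = client_id, secret
        self.redirect_uri, self.manager = redirect_uri, manager
        self.pending = {}   # browser session -> state value we issued

    def start(self, session):
        """Step 1: initial request; the app sends the browser to the manager."""
        state = secrets.token_urlsafe(16)
        self.pending[session] = state
        return {"client_id": self.client_id, "redirect_uri": self.redirect_uri,
                "state": state}

    def callback(self, session, redirect_url):
        """Step 4 lands here; verify our state, then perform step 5."""
        q = parse_qs(urlparse(redirect_url).query)
        expected = self.pending.pop(session, None)
        if expected is None or q.get("state", [None])[0] != expected:
            return {"error": "state_mismatch"}
        return self.manager.token(self.client_id, self.secret,
                                  q["code"][0], self.redirect_uri)


def run_flow():
    """Drive the seven steps once, then replay the same code; return both outcomes."""
    am = AuthorizationManager()
    am.register_client("web-app-id", "web-app-secret", "https://app.example/cb")
    app = WebApp("web-app-id", "web-app-secret", "https://app.example/cb", am)
    req = app.start("browser-1")
    redirect = am.authorize(req["client_id"], req["redirect_uri"], req["state"], "alice")
    tok = app.callback("browser-1", redirect)
    resource = am.protected_resource(tok.get("access_token"))
    code = parse_qs(urlparse(redirect).query)["code"][0]
    replay = am.token("web-app-id", "web-app-secret", code, "https://app.example/cb")
    return {"token": tok, "resource": resource, "replay": replay}
```

`run_flow()` returns the successful token response and resource together with the replay result, which is rejected because the code was burned on first use; a wrong client secret is rejected before the code is even looked up.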
● WSO2 Identity Server https://wso2.com/products/identity-server/
● OpenAM https://www.forgerock.com/products/access-management/
● MITREid Connect https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
● SURFnet OAuth (apis) https://github.com/OAuth-Apis/apis
OpenID Connect reference implementation in Java on the Spring platform.
https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/
<APIKeyManager>
    <KeyManagerClientImpl>org.wso2.carbon.mit.OpenIDClientImpl</KeyManagerClientImpl>
    <Configuration>
        …
        <ResourceRegistrationEndpoint>http://localhost:8080/openid-connect-server-webapp/resource</ResourceRegistrationEndpoint>
        <OIDCDcrEndpoint>http://localhost:8080/openid-connect-server-webapp/register</OIDCDcrEndpoint>
        …
    </Configuration>
</APIKeyManager>

<APIKeyValidator>
    <!--
    Specifies the implementation to be used for KeyValidationHandler. The steps for validating a token can be controlled by plugging in a custom KeyValidationHandler.
    -->
    <KeyValidationHandlerClassName>org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler</KeyValidationHandlerClassName>
</APIKeyValidator>
● Implement the KeyManager interface when you are writing your own implementation, and register it as the client implementation:
  <KeyManagerClientImpl>org.wso2.carbon.mit.OpenIDClientImpl</KeyManagerClientImpl>
  -- createApplication() - Create a new OAuth application in the Authorization Server
  -- updateApplication() - Update an OAuth application
  -- retrieveApplication() - Retrieve an OAuth application
  -- getNewApplicationAccessToken() - The Store calls this method to get a new Application Access Token
  -- getTokenMetaData() - Get details about an access token
  -- getKeyManagerConfiguration() - Get the Key Manager implementation from a JSON file
  -- buildAccessTokenRequestFromJSON()
  -- mapOAuthApplication() - Used to create an OAuth application in semi-manual mode
  -- buildAccessTokenRequestFromOAuthApp()
  -- loadConfiguration()
  -- registerNewResource()
  -- getResourceByApiId()
  -- updateRegisteredResource()
  -- deleteRegisteredResourceByAPIId()
  -- deleteMappedApplication()
  -- getActiveTokensByConsumerKey()
  -- getAccessTokenByConsumerKey()
  https://github.com/wso2/carbon-apimgt/blob/release-1.9.1/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/KeyManager.java
● Implement the KeyValidationHandler interface when you are writing your own implementation, and register it as the handler class:
  <KeyValidationHandlerClassName>org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler</KeyValidationHandlerClassName>
  -- validateToken()
  -- validateSubscription()
  -- validateScopes()
  -- generateConsumeToken() - Generates the JWT token; this uses the default implementation
  https://github.com/wso2/carbon-apimgt/blob/release-1.9.1/components/apimgt/org.wso2.carbon.apimgt.keymgt/src/main/java/org/wso2/carbon/apimgt/keymgt/handlers/KeyValidationHandler.java
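The handler's validation steps, as an added stand-alone model that is not WSO2 code and does not use WSO2's Java types: it runs the three checks the interface names (token, subscription, scopes) in order against a constructed in-memory token store, subscription table and resource-scope table, and ends by assembling the claims the gateway would put into the backend JWT. All tokens, consumer keys, API names and scopes are constructed sample data; the stage names and error strings are this example's own.

```python
from dataclasses import dataclass, field
from typing import Optional, Set

NOW = 1_700_000_000  # fixed clock so the expiry checks are deterministic

# access token -> metadata the key manager holds for it (constructed sample data)
TOKENS = {
    "tok-active":  {"client_id": "app1-key", "expires_at": NOW + 3600,
                    "scopes": {"openid", "email"}, "revoked": False},
    "tok-expired": {"client_id": "app1-key", "expires_at": NOW - 5,
                    "scopes": {"openid"}, "revoked": False},
    "tok-revoked": {"client_id": "app2-key", "expires_at": NOW + 3600,
                    "scopes": {"openid"}, "revoked": True},
}

# consumer key -> set of (api_context, api_version) the application subscribes to
SUBSCRIPTIONS = {
    "app1-key": {("/weather", "1.0.0")},
    "app2-key": {("/weather", "1.0.0"), ("/finance", "2.0.0")},
}

# (api_context, version, http_method, resource) -> required scope, None if unscoped
RESOURCE_SCOPES = {
    ("/weather", "1.0.0", "GET", "/forecast"): None,
    ("/weather", "1.0.0", "POST", "/forecast"): "write",
    ("/finance", "2.0.0", "GET", "/balance"): "email",
}


@dataclass
class ValidationContext:
    """What the gateway knows about one request before validation runs."""
    token: str
    api_context: str
    api_version: str
    http_method: str
    resource: str
    now: int = NOW
    client_id: Optional[str] = None              # filled in by validate_token
    token_scopes: Set[str] = field(default_factory=set)


def validate_token(ctx: ValidationContext) -> Optional[str]:
    """Known, unrevoked, unexpired? On success records the owning client and scopes."""
    info = TOKENS.get(ctx.token)
    if info is None:
        return "invalid_token"
    if info["revoked"]:
        return "token_revoked"
    if info["expires_at"] <= ctx.now:
        return "token_expired"
    ctx.client_id = info["client_id"]
    ctx.token_scopes = set(info["scopes"])
    return None


def validate_subscription(ctx: ValidationContext) -> Optional[str]:
    """Does the application behind the token subscribe to this API version?"""
    if (ctx.api_context, ctx.api_version) not in SUBSCRIPTIONS.get(ctx.client_id, set()):
        return "not_subscribed"
    return None


def validate_scopes(ctx: ValidationContext) -> Optional[str]:
    """Does the token carry the scope this resource and method demand?"""
    key = (ctx.api_context, ctx.api_version, ctx.http_method, ctx.resource)
    if key not in RESOURCE_SCOPES:
        return "resource_not_found"
    required = RESOURCE_SCOPES[key]
    if required is not None and required not in ctx.token_scopes:
        return "insufficient_scope"
    return None


def backend_claims(ctx: ValidationContext) -> dict:
    """Claims for the token the gateway would sign and forward to the backend;
    signing is left out of this model on purpose."""
    return {"sub": ctx.client_id, "api": f"{ctx.api_context}/{ctx.api_version}",
            "scope": " ".join(sorted(ctx.token_scopes)), "iat": ctx.now}


def validate(ctx: ValidationContext) -> dict:
    """Run the checks in order; the first failure stops the pipeline and the
    result names the stage that rejected the call, which is what a gateway log
    should record."""
    for stage in (validate_token, validate_subscription, validate_scopes):
        err = stage(ctx)
        if err is not None:
            return {"valid": False, "stage": stage.__name__, "error": err}
    return {"valid": True, "claims": backend_claims(ctx)}
```

The order matters: subscription and scope checks only run once the token's owner is known, so a revoked token is rejected at the first stage even if its application is subscribed to the API.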
Create OAuth client at key manager
curl -k -X POST -b cookies https://localhost:9443/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag -d 'action=generateApplicationKey&application=NewApp1&keytype=PRODUCTION&authorizedDomains=ALL&callbackUrl=&validityTime=3600&tokenScope=&jsonParams={"paramname":"paramvalue"}'
Sample jsonParams for the MITREid Connect implementation:
{"allowDomains":"ALL","callback_url":["dfsds"],"client_name":"jh_sandbox","contact":[],"grant_types":[],"response_types":[],"scope":["phone","openid","offline_access","address","email","profile"],"token_endpoint_auth_method":null}
https://docs.wso2.com/display/AM190/Store+APIs
Update OAuth client
curl -k -X POST -b cookies https://localhost:9443/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag -d 'action=updateClientApplication&application=NewApp1&keytype=PRODUCTION&authorizedDomains=ALL&callbackUrl=&validityTime=3600&tokenScope=&jsonParams={"paramname":"paramvalue"}'
Sample jsonParams for the MITREid Connect implementation:
{"allowDomains":"ALL","callback_url":["dfsds"],"client_name":"jh_sandbox","contact":[],"grant_types":[],"response_types":[],"scope":["phone","openid","offline_access","address","email","profile"],"token_endpoint_auth_method":null}
Retrieve OAuth application data
curl -b cookies 'http://localhost:9763/store/site/blocks/subscription/subscription-list/ajax/subscription-list.jag?action=getAllSubscriptions&selectedApp=NewApp1'
Delete an OAuth application
curl -k -X POST -b cookies http://localhost:9763/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag -d 'action=deleteAuthApplication&consumerKey=4lHddsxCtpFa2zJE1EbBpJy_NIQa'