Thursday, March 24, 2016

Identity Patterns with the WSO2 Identity Server
Single Page Application (SPA) proxy

Problem:
  • Authenticate users to a single page application in a secure manner, via OAuth 2.0. 
  • When the SPA accesses an OAuth-secured API, the access token must be made invisible to the end user. 
  • When the SPA accesses an OAuth-secured API, the client (the SPA) must be authenticated in a legitimate manner.
Solution:
  • There are multiple ways to secure an SPA and this presentation covers some options: http://www.slideshare.net/prabathsiriwardena/securing-singlepage-applications-with-oauth-20 
  • This pattern is the SPA proxy: a proxy is introduced, and all calls from the SPA are routed through it. 
  • Build an SPA proxy and deploy it in WSO2 Identity Server. A sample proxy app is available at https://github.com/facilelogin/aratuwa/tree/master/oauth2.0-apps. 
  • The SPA proxy must be registered in the WSO2 Identity Server as a service provider with an OAuth inbound authenticator. 
  • To make the SPA proxy stateless, the access_token and the id_token obtained from the WSO2 Identity Server (after the OAuth flow) are encrypted and set as a cookie. 
  • Products: WSO2 Identity Server 5.0.0+ 
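
The stateless cookie described in the solution steps above, sketched in Node.js as an added example (this is not the sample proxy's code). AES-256-GCM, the cookie name, the expiry field and the cookie attributes are assumptions; the page only states that the tokens are encrypted and set as a cookie.

```javascript
const crypto = require('crypto');

// Assumption: a 32-byte key known only to the proxy. Generated here for the
// demo; a real proxy loads it from a keystore so cookies survive restarts.
const KEY = crypto.randomBytes(32);
const COOKIE_NAME = 'spa_session'; // hypothetical cookie name

// Encrypt both tokens into one opaque value: base64(iv | tag | ciphertext).
function sealTokens(tokens, key, ttlSeconds = 3600) {
  const iv = crypto.randomBytes(12); // fresh nonce for every cookie
  const exp = Math.floor(Date.now() / 1000) + ttlSeconds;
  const payload = JSON.stringify({ ...tokens, exp });
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(COOKIE_NAME)); // bind ciphertext to this cookie
  const ct = Buffer.concat([cipher.update(payload, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Decrypt and validate; any tampering, wrong key or expiry yields null.
function openTokens(cookieValue, key) {
  try {
    const raw = Buffer.from(cookieValue, 'base64');
    if (raw.length < 28) return null; // shorter than iv (12) + tag (16)
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    decipher.setAAD(Buffer.from(COOKIE_NAME));
    decipher.setAuthTag(raw.subarray(12, 28));
    const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    const data = JSON.parse(pt.toString('utf8'));
    return data.exp > Math.floor(Date.now() / 1000) ? data : null;
  } catch (err) {
    return null; // GCM tag mismatch or malformed input
  }
}

// HttpOnly keeps the cookie away from the SPA's own JavaScript; Secure and
// SameSite limit where the browser will send it.
function buildSetCookie(value) {
  return `${COOKIE_NAME}=${value}; HttpOnly; Secure; SameSite=Strict; Path=/`;
}

// Constructed sample tokens, not real WSO2 Identity Server output.
const sample = { access_token: 'constructed-access-token', id_token: 'constructed.id.token' };
const cookie = sealTokens(sample, KEY);
console.log(buildSetCookie(cookie));
console.log(openTokens(cookie, KEY).access_token);
```

On each API call the proxy opens the cookie, attaches the recovered access_token to the upstream request, and rejects the call when openTokens returns null.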
