[GSOC-2017] OAuth 2.0 Dynamic Client Registration Management Protocol Support for WSO2 Identity Server
The idea of this GSOC project is to enable the OAuth 2.0 Dynamic Client Registration Management (DCRM) protocol in WSO2 Identity Server.
The following methods have been covered in the implementation:
- Read an already registered service provider
- Update an already registered service provider
- Delete an already registered service provider
Read request
The client can make an HTTP GET request to the Client Configuration Endpoint of the WSO2 Identity Server to read the current registration state of the service provider.
Format
GET https://localhost:9443/identity/register/<clientid> HTTP/1.1
Accept: application/json
Authorization: Basic YWRtaW46YWRtaW4=
This request is processed and, if no error condition is met, the server responds with all the metadata relevant to the client with a 201 status code.
Example of a successful response:
{
  "grant_types": ["implicit"],
  "client_secret_expires_at": null,
  "redirect_uris": ["vakldsnvl"],
  "client_secret": "l0BjlqJmnWIlLobY0HRnVzS1CBIa",
  "client_name": "admin_app1",
  "client_id": "f4_8GGLDPOcLJg7DcO0jI_eWjW4a"
}
If the client ID in the request is invalid, the server responds with the following error with status code 400.
{
  "error": "backend_failed",
  "error_description": "Error occurred while reading the existing service provider."
}
Update request
The client can make an HTTP PUT request to the Client Configuration Endpoint of the WSO2 Identity Server to update a previously registered client.
The client is not allowed to update the client name, client ID, or client secret returned by the Identity Server.
Format
PUT https://localhost:9443/identity/register/<clientid> HTTP/1.1
Accept: application/json
Authorization: Basic YWRtaW46YWRtaW4=
{
  "client_name": "app4",
  "client_id": "7JccuZUyU1RJR9qgfFHcUi0PbY4a",
  "client_secret": "8iiiJbCpT2fRdKOmShWNWI1_RFEa",
  "grant_types": ["implicit"],
  "redirect_uris": ["vakldsnvl"]
}
The response format is the same as the response for the read request stated above.
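As an added example (not the project's own code), a Python model of the server-side update check the page describes: a PUT body is accepted only if it leaves client_name, client_id and client_secret unchanged, and only the remaining metadata is copied into the stored registration. The stored registration values are constructed, and the error code and the type check on list fields are assumptions.

```python
import json
from typing import Any

# Constructed sample of the registration the endpoint already holds for one
# service provider (shaped like the page's examples; not real credentials).
EXISTING = {
    "client_id": "7JccuZUyU1RJR9qgfFHcUi0PbY4a",
    "client_secret": "8iiiJbCpT2fRdKOmShWNWI1_RFEa",
    "client_secret_expires_at": None,
    "client_name": "app4",
    "grant_types": ["implicit"],
    "redirect_uris": ["vakldsnvl"],
}

# The page states a client may not change these three through PUT.
IMMUTABLE = ("client_name", "client_id", "client_secret")
# Metadata the PUT body is allowed to replace.
MUTABLE = ("grant_types", "redirect_uris")


def handle_update(existing: dict[str, Any], body: str) -> tuple[bool, dict[str, Any]]:
    """Apply a PUT body to an existing registration.

    Returns (True, full_metadata) on success, or (False, error_object) in the
    page's {"error", "error_description"} shape. The error code is assumed.
    """
    try:
        req = json.loads(body)
    except ValueError:
        return False, {"error": "invalid_client_metadata",
                       "error_description": "Request body is not valid JSON."}
    # Reject any attempt to rewrite an immutable field, even to a near copy.
    for field in IMMUTABLE:
        if field in req and req[field] != existing[field]:
            return False, {"error": "invalid_client_metadata",
                           "error_description": f"{field} cannot be updated."}
    # Only mutable metadata is copied in; unknown keys are dropped, never stored.
    updated = dict(existing)
    for field in MUTABLE:
        if field in req:
            value = req[field]
            if not isinstance(value, list) or not all(isinstance(v, str) for v in value):
                return False, {"error": "invalid_client_metadata",
                               "error_description": f"{field} must be a list of strings."}
            updated[field] = list(value)
    return True, updated
```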
Delete request
The client can make an HTTP DELETE request to the Client Configuration Endpoint of the WSO2 Identity Server to delete a previously registered client.
DELETE https://localhost:9443/identity/register/<clientid> HTTP/1.1
Accept: application/json
Authorization: Basic YWRtaW46YWRtaW4=
A successful deletion responds with a 204 No Content status code.
Links:
Implementation:
https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/396
Automation:
https://github.com/wso2/product-is/pull/1293