[GSOC-2017] OAuth 2.0 Dynamic Client Registration Management Protocol Support for WSO2 Identity Server

The idea of this GSOC project is to enable the OAuth 2.0 Dynamic Client Registration Management (DCRM) protocol in WSO2 Identity Server.

The following methods have been covered in the implementation:

  1. Read an already registered service provider
  2. Update an already registered service provider
  3. Delete an already registered service provider

Read request

The client can make an HTTP GET request to the Client Configuration Endpoint of the WSO2 Identity Server to read the current registration state of the service provider.

Format

GET https://localhost:9443/identity/register/<clientid> HTTP/1.1
Accept: application/json
Authorization: Basic YWRtaW46YWRtaW4=

The server processes this request and responds with all the metadata relevant to the client, with a 201 status code, if no error condition is met.

Example of a successful response:

{
  "grant_types": ["implicit"],
  "client_secret_expires_at": null,
  "redirect_uris": ["vakldsnvl"],
  "client_secret": "l0BjlqJmnWIlLobY0HRnVzS1CBIa",
  "client_name": "admin_app1",
  "client_id": "f4_8GGLDPOcLJg7DcO0jI_eWjW4a"
}

If the client ID in the request is invalid, the server responds with the following error and status code 400.

{
  "error": "backend_failed",
  "error_description": "Error occurred while reading the existing service provider."
}

Update request

The client can make an HTTP PUT request to the Client Configuration Endpoint of the WSO2 Identity Server to update a previously registered client.

The client is not allowed to update the client name, client ID, or client secret returned by the Identity Server.

Format

PUT https://localhost:9443/identity/register/<clientid> HTTP/1.1
Accept: application/json
Authorization: Basic YWRtaW46YWRtaW4=

{
  "client_name": "app4",
  "client_id": "7JccuZUyU1RJR9qgfFHcUi0PbY4a",
  "client_secret": "8iiiJbCpT2fRdKOmShWNWI1_RFEa",
  "grant_types": ["implicit"],
  "redirect_uris": ["vakldsnvl"]
}

The response format is the same as the response for the read request stated above.

Delete request

The client can make an HTTP DELETE request to the Client Configuration Endpoint of the WSO2 Identity Server to delete a previously registered client.

DELETE https://localhost:9443/identity/register/<clientid> HTTP/1.1
Accept: application/json
Authorization: Basic YWRtaW46YWRtaW4=

A successful deletion responds with a 204 No Content status code.
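As an added example (not the project's code), the following Python helper builds the read, update and delete requests described above and, for the update case, shows a server-side check that enforces the rule that client_name, client_id and client_secret cannot be changed through PUT. The apply_update function and its invalid_client_metadata error code are hypothetical; the sample registration is constructed from the read response shown earlier.

```python
import base64
import json

# Constructed sample registration, shaped like the read response above.
CURRENT = {
    "client_id": "f4_8GGLDPOcLJg7DcO0jI_eWjW4a",
    "client_secret": "l0BjlqJmnWIlLobY0HRnVzS1CBIa",
    "client_secret_expires_at": None,
    "client_name": "admin_app1",
    "grant_types": ["implicit"],
    "redirect_uris": ["vakldsnvl"],
}

# Fields the page says a client may not change with an update request.
IMMUTABLE = ("client_id", "client_secret", "client_name")


def build_request(method, client_id, username, password, body=None):
    """Return (request_line, headers, payload) for the Client Configuration
    Endpoint. Basic credentials are only base64-encoded, not encrypted, so
    the request must travel over TLS (the page uses https://localhost:9443)."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    headers = {"Accept": "application/json", "Authorization": f"Basic {token}"}
    payload = None
    if body is not None:
        headers["Content-Type"] = "application/json"
        payload = json.dumps(body)
    return f"{method} /identity/register/{client_id} HTTP/1.1", headers, payload


def apply_update(current, update):
    """Hypothetical server-side check: reject a PUT body that tries to change
    an immutable field, otherwise return the merged registration. Returns
    (merged, None) on success or (None, error_json) on rejection."""
    for field in IMMUTABLE:
        if field in update and update[field] != current[field]:
            return None, {
                "error": "invalid_client_metadata",  # hypothetical error code
                "error_description": f"{field} cannot be updated",
            }
    merged = dict(current)
    merged.update({k: v for k, v in update.items() if k not in IMMUTABLE})
    return merged, None
```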

Links:

Implementation:

https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/396

Automation:

https://github.com/wso2/product-is/pull/1293

Sample:

https://github.com/wso2/product-is/pull/1320
