This PR adds API based authentication capabilities to the OIDC connector to support Native SDK based Federation flow as follows.
Update getContextIdentifier() in order to return sessionDataKey in Native SDK based Federation flows.
Update requestAccessToken() in order to exchange an access token in Native SDK based Federation flows.
A new OAuthClientResponse NativeSDKBasedFederatedOAuthClientResponse.
A new method that facilitates the verification of a provided IdP as a trusted token issuer, in order to distinguish between the two federation modes as mentioned in the Additional Context section.
Additional Context
With the introduction of API Based Authentication, WSO2 IS will provide support for two distinct federated authentication flows as outlined below.
Mode 1: External IDP is configured in IS and the authentication is handled through IS by redirecting to the external IDP.
Mode 2 - Native SDK based Federation: The app uses the IdP SDK for a social login option, for example, Google, and federates to Google directly from the app. Then, the client will exchange an access token received directly from the IdP for an OAuth2 token from the IS side. (This flow will be executed only if the IdP is a trusted token issuer.)