Obfuscate username from token introspection response

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Obfuscate username from token introspection response

Sominda Gamage
Hello,

This is regarding the git issue [1].

Currently we don't have a method to omit or obfuscate username and clientID identifiers from the introspection response. We cannot omit the two identifiers from the response since it might create backward compatible issues. 

One way to solve this would be providing an options to customize introspection response in the UI.
Any feedback on this matter would be appreciated.


regards,
Sominda.

--
Sominda Gamage | Software Engineer| WSO2 Inc.
(M)+94 719873902 | (E) [hidden email]

_______________________________________________
Dev mailing list
[hidden email]
http://wso2.org/cgi-bin/mailman/listinfo/dev
Reply | Threaded
Open this post in threaded view
|

Re: Obfuscate username from token introspection response

Maduranga Siriwardena
Hi Sominda,

We can have a configuration to add the optional parameters to the token introspection response, preferably in the service provider level.

Thanks,
Maduranga.

On Fri, Feb 22, 2019 at 12:21 PM Sominda Gamage <[hidden email]> wrote:
Hello,

This is regarding the git issue [1].

Currently we don't have a method to omit or obfuscate username and clientID identifiers from the introspection response. We cannot omit the two identifiers from the response since it might create backward compatible issues. 

One way to solve this would be providing an options to customize introspection response in the UI.
Any feedback on this matter would be appreciated.


regards,
Sominda.

--
Sominda Gamage | Software Engineer| WSO2 Inc.
(M)+94 719873902 | (E) [hidden email]
_______________________________________________
Dev mailing list
[hidden email]
http://wso2.org/cgi-bin/mailman/listinfo/dev


--
Maduranga SiriwardenaAssociated Technical Lead | WSO2 Inc.
+94718990591 | [hidden email]




_______________________________________________
Dev mailing list
[hidden email]
http://wso2.org/cgi-bin/mailman/listinfo/dev