Associate Technical Lead — WSO2 | GSoC Intern | CSE Graduate — UoM

In this post, we’ll discuss the best practices for identifying the authorized user of an access token and the approach we recommend for doing so.

WSO2 Identity Server supports the OAuth2 and OpenID Connect frameworks, which define standard protocols for authorizing third-party applications to access user identities such that access to…


What is Helm?

When deploying an application on Kubernetes, you need to define and manage several Kubernetes resources such as pods, services, deployments, and replicasets. Each of these requires writing a group of manifest files in YAML format. For a complex application deployment, this becomes a difficult task…


CSRF (Cross-Site Request Forgery) can allow an attacker to coerce a user into unknowingly and unintentionally dispatching requests to an application. …


TLS, the successor of SSL, is a protocol that provides a secure mechanism for authentication using X.509 certificates. It also provides a two-way encrypted channel between two parties. …


Today, the most common approach to protecting APIs is the use of shared secrets. Every time the API is called, this secret must be presented, which is not very secure. There are also other mechanisms, such as OAuth, that are used to enforce access control on APIs. However…


When using the HTTP Requester to establish an HTTPS connection to a remote server, you may encounter the following exception.

ERROR — TargetHandler I/O error: Host name verification failed for host : 172.20.5.110 javax.net.ssl.SSLException: Host name verification failed for host : <host-name> at org.apache.synapse.transport.http.conn.ClientSSLSetupHandler.verify(ClientSSLSetupHandler.java:152) at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:285)

It indicates that your application is…


When running a Java application, adding the following JVM arguments logs the Java garbage collection details to a log file.

-Xloggc:gc_memory_logs.log -XX:+PrintGCDetails -XX:+PrintGCTimeStamps

Typically, these logs look like this.

1.703: [GC [PSYoungGen: 132096K->16897K(153600K)] 132096K->16905K(503296K), 0.0171210 secs] [Times: user=0.05 sys=0.01, real=0.01 secs] 
3.162: [GC [PSYoungGen…


WSO2 Identity Server supports OpenID Connect Discovery to discover an end user’s OpenID provider, and also to obtain information required to interact with the OpenID provider, including its OAuth 2.0 endpoint locations.

One limitation in the current Identity Server version (5.7.0) is that the values in the Discovery response are…


Were you looking for a REST API to lock/unlock user accounts in WSO2 Identity Server? Then you might find this article interesting.

First of all, let’s install the latest version of Identity Server. You can download it from here.

Now let’s configure SCIM for account locking in WSO2 Identity Server…


Installing lua-resty-openidc on an Existing NGINX Installation

If you have already read part 1 of this series, you already know how to configure NGINX as an OpenID Connect Relying Party with the help of lua-resty-openidc, an open source library designed for NGINX. Part 1 contains further details about this use case and about the lua-resty-openidc module…

Sathya Bandara