Unlike confidential clients, public clients such as applications running in a browser or on a mobile device are unable to keep a registered client secret safe. Hence there should be a secure way of addressing this use case. In this article, we will discuss how to securely invoke your WSO2 API Cloud APIs from a public client, with generic try-out sample requests.

We have explained this scenario’s implementation for a mobile application using Flutter in our second article, “Flutter mobile application to consume your WSO2 Cloud APIs with PKCE”.


When invoking APIs securely, embedding the credentials/access tokens (ex: client-secrets) in…

source: https://www.360technosoft.com

In this article, we discuss implementing a Flutter mobile application that securely invokes an API through WSO2 API Cloud using the “Authorization code grant with proof key for code exchange (PKCE)”.

In our previous article, we discussed the PKCE flow and why it was introduced to address the security threats facing public clients such as mobile or single-page applications.

Still haven’t read our previous article? Have a look at “Securely Consume your WSO2 Cloud APIs from Mobile/Single-Page Applications” to catch up on the background and the generic security mechanism of PKCE.

Let’s begin!

Choosing a cross platform mobile application framework

With our previous article we have already…

What is CSRF vulnerability

“Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data since the attacker has no way to see the response to the forged request. With a little help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker’s choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state-changing…


Before moving deeper into the topic, we expect you to have a basic understanding of Kubernetes, Docker and serverless computing concepts. If not, you may refer to the links mentioned in this article or any other valuable resource to sharpen up your knowledge. Hope you will enjoy the article :D

What is Serverless Computing

“Serverless architectures are application designs that incorporate third-party “Backend as a Service” (BaaS) services, and/or that include custom code run in managed, ephemeral containers on a “Functions as a Service” (FaaS) platform.”

In our discussion, the serverless computing concept is implemented using OpenWhisk, which takes the infrastructure…

Since we have discussed the background and motivation for this study in previous articles in this series, here we discuss the methodology, findings and future work further.

Overview of the Methodology

As we have discussed in previous articles, our key objective is to develop a novel algorithm for plagiarism detection among multiple documents. One of the most important resources needed is the Sinhala WordNet, which is crucial for most other Sinhala NLP-based research. Because of that, as the first task we proposed the methodology for improving the Sinhala WordNet.

When considering the Sinhala WordNet researches done, Gallage [Gallage…

Animus Behind

Even though Sinhala is used by over 16 million native speakers and is one of the official languages of Sri Lanka, little effective progress is visible in developing NLP applications for the Sinhala language. This is partly due to the unavailability of fundamental Sinhala NLP resources and the lack of commercial interest in developing Sinhala NLP applications on a global scale. …


  • What is XQuery?

“XQuery is to XML what SQL is to databases”. XQuery is the language for querying XML data, and it is built on XPath expressions. XQuery is supported by all major databases for finding and extracting elements and attributes from XML documents, and it has been recommended by the W3C.

  • What is VXQuery?

Apache VXQuery is a standards-compliant XML Query processor implemented in Java. Queries will be evaluated on a cluster of distributed systems.

There are lots of large collections of relatively small documents and there are no scalable and efficient XQuery processors available today that are capable…

This post is about my GSoC 2017 project, implementing the Apache VXQuery RESTful API (VXQUERY-180). It covers an introduction to the project, how I came up with a design, the implementation along with the problems faced, and how I finally met the objectives. Possible future improvements are described at the end of this post. Hope you will enjoy!

Apache VXQUERY-180 (RESTful API)

Contributor — Erandi Ganepola

  • Undergraduate of BSc. in MIT (IT Special), University of Kelaniya, Sri Lanka
  • Programmer, Open Source Contributor and a Basketball player :-D


Ian Maxon

  • Ian is a Development Engineer at UC Irvine, California
  • He is a PMC member and a Committer…

What is plagiarism detection?

The Industrial Revolution has led, through industrialization, to an economy-based Information Age. In this digital age, plagiarism has turned into a serious problem. Lancaster and Culwin have stated in their paper that “plagiarism as theft of intellectual property which has been around as long as human has produced work of art and research”. Basically, it is when you try to present someone else’s work as your own without referencing the original source.

Some common methods of plagiarism are copy-pasting textual information, using program code without permission or reference, using similar ideas which are not common…

Age and gender play a major role in someone’s identification. Automatic age and gender classification has become relevant to an increasing number of applications, particularly since the rise of social platforms and social media. Hiding the true values of these variables can mainly cause security issues. When it comes to image processing, an image or a video frame is taken as the input and, after processing, the expected predictions are output. Various algorithms and techniques have been used as the processing mechanism over the years. …

Erandi Ganepola

Senior Software Engineer@WSO2 | Open-source Contributor | Basketball Enthusiast
