Hi all,

Currently in the APIManager we provide an option in the identity.xml to configure the token validity period. But it is a global-level, one-time setting.

*Scenario*

If there is any theft of tokens, or the publisher admin wants to control the validity period of the token at per-application/per-user level based on some conditions, the admin needs to configure the token validity period. Currently we don't have that facility in APIManager.

*Approaches*

To provide a flexible token validation configuration parameter:

1. At the store UI, when the store admin/subscriber creates an application, we can ask for a validityTime for the token. In this case, again, the token validity period is going to be application level. So, this will affect all users who are subscribed to that application. (Let's call this the "ApplicationToken validity period".)

2. At the store front, if we consider a per-user-level validity period for an application (let's call this the "Usertoken validity period for Application"), would that be a better solution?

How can we approach this token validity configuration? Any thoughts/ideas are welcome.

Thanks.

--
-Ratha
mobile: (+94)755906608
