On Fri, Nov 29, 2013 at 12:19 PM, Prabath Siriwardena <[email protected]> wrote:

>
> On Fri, Nov 29, 2013 at 11:14 AM, Johann Nallathamby <[email protected]> wrote:
>
>> Hi Asela,
>>
>> I think deleting the application and creating it again is fine. It's not a
>> common case so it's fine to redo the authorization.
>>
>
> No.. it's not acceptable to delete and redo. This will make all previously
> collected data/stats unusable. We need to have a functionality to
> regenerate the key.
>

+1

I got the following from the spec..... We only want to invalidate code and
refresh token, not others...

"An authorization server may revoke a client’s secret in order to prevent
abuse of a revealed secret.
Note: This measure will immediately invalidate any authorization code or
refresh token issued to the respective client."

I guess it is better to implement this for IS.. A Jira is created to
track.... [1]

[1] https://wso2.org/jira/browse/IDENTITY-1916

Thanks,
Asela.

>
> Thanks & regards,
> -Prabath
>
>
>>
>>
>> On Fri, Nov 29, 2013 at 10:49 AM, Asela Pathberiya <[email protected]> wrote:
>>
>>> Hi All,
>>>
>>> How can we revoke or update client credentials? If there is a trusted
>>> client and when client's secret is compromised. Client would need to update
>>> this secret. (or generate new one and revoke older one). Sorry, I could not
>>> find any API method for this with IS 450. Or else, we need to delete the
>>> current registration and add new client registration (Then we may need to
>>> redo the authorization grant again for end users). What would be the
>>> recommended approach?
>>>
>>> Thanks,
>>> Asela.
>>>
>>> --
>>> Thanks & Regards,
>>> Asela
>>>
>>> ATL
>>> Mobile : +94 777 625 933
>>>
>>
>>
>>
>> --
>> Thanks & Regards,
>>
>> *Johann Dilantha Nallathamby*
>> Senior Software Engineer
>> Integration Technologies Team
>> WSO2, Inc.
>> lean.enterprise.middleware
>>
>> Mobile - *+94777776950*
>> Blog - *http://nallaa.wordpress.com*
>>
>
>
>
> --
> Thanks & Regards,
> Prabath
>
> Mobile : +94 71 809 6732
>
> http://blog.facilelogin.com
> http://blog.api-security.org
>

--
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
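
Added example, not part of the original thread and not WSO2 Identity Server code: a sketch of the "regenerate the key" behaviour discussed above, where the client registration and its stats survive, the old secret stops working, and the client's authorization codes and refresh tokens are invalidated. ClientRegistry and every name in it are hypothetical, and leaving already-issued access tokens untouched is this example's assumption about "not others".

```python
import hashlib, hmac, secrets
from dataclasses import dataclass

def _digest(secret):
    # Store only a digest; the secret itself is high-entropy random data.
    return hashlib.sha256(secret.encode()).hexdigest()

@dataclass
class Client:
    secret_hash: str
    request_count: int = 0  # stands in for the collected data/stats

@dataclass
class Grant:
    client_id: str
    kind: str  # "code", "refresh" or "access"
    revoked: bool = False

class ClientRegistry:  # hypothetical in-memory store, not the WSO2 IS API
    def __init__(self):
        self.clients, self.grants = {}, {}

    def register(self, client_id):
        secret = secrets.token_urlsafe(32)
        self.clients[client_id] = Client(_digest(secret))
        return secret

    def issue(self, client_id, kind):
        token = secrets.token_urlsafe(24)
        self.grants[token] = Grant(client_id, kind)
        return token

    def authenticate(self, client_id, secret):
        client = self.clients.get(client_id)
        if client is None or not hmac.compare_digest(client.secret_hash, _digest(secret)):
            return False
        client.request_count += 1
        return True

    def is_active(self, token):
        grant = self.grants.get(token)
        return grant is not None and not grant.revoked

    def regenerate_secret(self, client_id):
        # Same client_id and stats; only the secret and dependent grants change.
        new_secret = secrets.token_urlsafe(32)
        self.clients[client_id].secret_hash = _digest(new_secret)
        for grant in self.grants.values():
            if grant.client_id == client_id and grant.kind in ("code", "refresh"):
                grant.revoked = True
        return new_secret
```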
