Hi Asela, It's a funny coincidence that me and you are thinking of the same thing at the same time. I was also thinking about this change for the next release in the morning.
Basically our access token issuance is done by the grant handlers. Therefore to modify access token issuing we need to write a new grant handler and plug in but does not make sense. One day when we need to support HMAC tokens with Bearer we will have to have to grant handlers for each grant type for two token types. So as you said the best solution is to remove the token issuance from the grant handling interface and have it separately. As you said, appending the resource owner name to the access token for access token table partitioning should be done through this new extension point. Totally +1 for this improvement for the next release. On Tue, Dec 17, 2013 at 12:29 PM, Asela Pathberiya <[email protected]> wrote: > Hi All, > > AFAIK, OAuth token value can be an any string and there is no special > format has been defined. Therefore I guess, It is better to create an > extension to build the access token. Currently, It seems to be that OAuth > implementation have not an simple extension to customize the returning > access token value. But i have seen in the implementation itself, access > token is customized by appending user names in to it, by depending on the > parameters in the configuration. Like that, in the future there may be > scenario, where we want to customize the value. Is it good to provide such > extension? wdyt? > > Thanks, > Asela. > > -- > Thanks & Regards, > Asela > > ATL > Mobile : +94 777 625 933 > -- Thanks & Regards, *Johann Dilantha Nallathamby* Senior Software Engineer Integration Technologies Team WSO2, Inc. lean.enterprise.middleware Mobile - *+94777776950* Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
