Hi,

Currently in the API Store, when a user clicks on the Generate button after
subscribing to an API, the following two operations happen in a single call:

a. Getting a Consumer key and a secret for the application.
b. Generating an Access Token.

However, when integrating with external Authorization Servers, there can be
scenarios where the Authorization Server doesn’t allow generating
Application Tokens. As there won’t be an access token to be shown in the
UI in such cases, an option should be given to configure creating the
Access Token.

Two options can be provided to control this behaviour:

1. Creating client details and Access Token using two separate calls

When the user clicks on the Generate button, only the Consumer ID and Secret
will be generated. Then the user would have to click on another button to
get the Access Token. If the user doesn’t need the Access Token they can
simply remove the second button from the UI.

2. Provide a configuration to control Application Token Creation

When configuring the Key Manager, users can specify whether they want to
create an Application Token. When it’s enabled a token will be generated as
the Consumer Key/Secret is created, and when it’s disabled Tokens won’t be
created or displayed in the UI.

Planning to go with option 2, since it involves fewer changes. Please share
your thoughts on this approach.
-- 
*Amila De Silva*

WSO2 Inc.
mobile :(+94) 775119302
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
