On Thu, Mar 29, 2018 at 9:46 PM, Nuwan Dias <[email protected]> wrote:

> +1. In API Manager 3.0 we did not introduce such a concept anyway. Are you
> suggesting we remove this from 2.x as well?
>
> On Thu, 29 Mar 2018 at 1:17 pm, Sanjeewa Malalgoda <[email protected]>
> wrote:
>
>> Hi All,
>> In API Manager we have application access token and user access token
>> concept. Application access token is the token obtained using resource
>> owner grant type. User access token is the token obtained by user (can be
>> application owner or someone else) by using any grant type. Initially we
>> introduced this feature to control resource level access of APIs.
>>
>> As an example we can think of one API (camera API) which has 2
>> resources (1. View photo 2. Add photo). Then we will need to let users view
>> photos without logging in to the system (means obtain token for user). In that case
>> we can limit view resource to application access token and mandate to use
>> user token to add photo. This way we can maintain resource access control.
>>
>> With the scopes concept we can still do the same. We can give read scope to view
>> photo and generate a token for that embedded with the app. If a user needs to take
>> a photo then he will have to get a token with write (access add photo) scope. In
>> the OAuth spec also we cannot see this type of differentiation. So considering
>> all these shall we remove application access token concept from API
>> Manager? Any limitations with this?
>>
>
When it comes to token generation which we used to try out the API from the Store, are we going to generate a user access token as we drop the application access token? If so we will need user credentials to generate a token.

>
>> Thanks,
>> sanjeewa.
>>
>>
>> --
>>
>> *Sanjeewa Malalgoda*
>> WSO2 Inc.
>> Mobile : +94713068779
>>
>> blog : http://sanjeewamalalgoda.blogspot.com/
>>
>>
>> --
> Nuwan Dias
>
> Software Architect - WSO2, Inc. http://wso2.com
> email : [email protected]
> Phone : +94 777 775 729
>

--
Harsha Kumara
Software Engineer, WSO2 Inc.
Mobile: +94775505618
Blog: harshcreationz.blogspot.com
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
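
The camera API from the thread, as an added example that is not part of the original messages and is not WSO2 API Manager code: it evaluates the same requests under the token-type model and under the scope model so the two can be compared. The resource paths, the `Token` class, the policy tables and the sample tokens are all constructed for illustration; only the `read` and `write` scope names come from the thread.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Token:
    subject: Optional[str]  # end user the token was issued for; None if embedded in the app
    scopes: frozenset       # scopes granted when the token was issued

# Constructed resource identifiers for "View photo" and "Add photo".
VIEW, ADD = ("GET", "/photos"), ("POST", "/photos")

# Model 1 (token type): each resource lists the token kinds it accepts.
TOKEN_TYPE_POLICY = {VIEW: {"application", "user"}, ADD: {"user"}}
# Model 2 (scopes): each resource requires one scope.
SCOPE_POLICY = {VIEW: "read", ADD: "write"}

def allow_by_token_type(token, resource):
    kind = "user" if token.subject else "application"
    # Unknown resources fall through to an empty set, i.e. deny by default.
    return kind in TOKEN_TYPE_POLICY.get(resource, set())

def allow_by_scope(token, resource):
    required = SCOPE_POLICY.get(resource)
    # Deny by default when the resource has no scope mapping.
    return required is not None and required in token.scopes

def compare(token):
    """Return {resource: (token_type_decision, scope_decision)}."""
    return {r: (allow_by_token_type(token, r), allow_by_scope(token, r))
            for r in (VIEW, ADD)}

# Constructed sample tokens.
APP_READ = Token(None, frozenset({"read"}))               # embedded in the app
USER_FULL = Token("alice", frozenset({"read", "write"}))  # logged-in user
USER_READ_ONLY = Token("alice", frozenset({"read"}))      # user token, narrow scope
APP_OVERSCOPED = Token(None, frozenset({"read", "write"}))  # app token issued with write

if __name__ == "__main__":
    for name, tok in [("APP_READ", APP_READ), ("USER_FULL", USER_FULL),
                      ("USER_READ_ONLY", USER_READ_ONLY),
                      ("APP_OVERSCOPED", APP_OVERSCOPED)]:
        print(name, compare(tok))
```

The first two tokens get identical decisions under both models. The last two are where they diverge: a scope check can restrict a user token further, but it also admits an app-embedded token that was issued with `write`, so under scopes the restriction has to be enforced when tokens are issued.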
