Hi Harsha,

On Thu, Mar 29, 2018 at 10:03 PM, Harsha Kumara <[email protected]> wrote:

>
>
> On Thu, Mar 29, 2018 at 9:46 PM, Nuwan Dias <[email protected]> wrote:
>
>> +1. In API Manager 3.0 we did not introduce such a concept anyway. Are
>> you suggesting we remove this from 2.x as well?
>>
>> On Thu, 29 Mar 2018 at 1:17 pm, Sanjeewa Malalgoda <[email protected]>
>> wrote:
>>
>>> Hi All,
>>> In API Manager we have the application access token and user access token
>>> concepts. An application access token is the token obtained using the resource
>>> owner grant type. A user access token is the token obtained by a user (can be
>>> the application owner or someone else) by using any grant type. Initially we
>>> introduced this feature to control resource-level access of APIs.
>>>
>>> As an example, we can think of one API (camera API) which has 2
>>> resources (1. View photo 2. Add photo). Then we will need to let users view
>>> photos without logging in to the system (meaning obtaining a token for the user). In that case
>>> we can limit the view resource to the application access token and mandate the use of
>>> a user token to add a photo. This way we can maintain resource access control.
>>>
>>> With the scopes concept we can still do the same. We can give a read scope to view
>>> photo and generate a token for that, embedded with the app. If a user needs to take a
>>> photo then he will have to get a token with the write (access add photo) scope. In the
>>> OAuth spec also we cannot see this type of differentiation. So considering
>>> all these, shall we remove the application access token concept from API
>>> Manager? Any limitations with this?
>>>
> When it comes to token generation, which we use to try out the API from
> the Store, are we going to generate a user access token as we drop the
> application access token? If so we will need user credentials to generate a
> token.
>

We're not changing that. Client credentials will still be used in store.
Only Application Token vs Application User Token concept will be removed.
We don't have that concept in 3.0 anyway.

Thanks,
Bhathiya


>
>>> Thanks,
>>> sanjeewa.
>>>
>>>
>>> --
>>>
>>> *Sanjeewa Malalgoda*
>>> WSO2 Inc.
>>> Mobile : +94713068779
>>>
>>> blog: http://sanjeewamalalgoda.blogspot.com/
>>>
>>>
>>> --
>> Nuwan Dias
>>
>> Software Architect - WSO2, Inc. http://wso2.com
>> email : [email protected]
>> Phone : +94 777 775 729
>>
>
>
>
> --
> Harsha Kumara
> Software Engineer, WSO2 Inc.
> Mobile: +94775505618
> Blog: harshcreationz.blogspot.com
>



-- 
*Bhathiya Jayasekara*
*Associate Technical Lead,*
*WSO2 inc., http://wso2.com*

*Phone: +94715478185*
*LinkedIn: http://www.linkedin.com/in/bhathiyaj*
*Twitter: https://twitter.com/bhathiyax*
*Blog: http://movingaheadblog.blogspot.com*
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
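
The scope-based alternative discussed in this thread, sketched as an added example that is not part of any message above and is not WSO2 code. The scope names (`photo_read`, `photo_write`), the `/camera/photos` path and the in-memory token store are assumptions made for illustration.

```python
# Added example: scope-based resource access control for the thread's camera API.
# Scope names, paths and the in-memory token store are hypothetical.
import time
from dataclasses import dataclass

# Resource (method, path) -> scope a token must carry to reach it.
REQUIRED_SCOPE = {
    ("GET", "/camera/photos"): "photo_read",    # 1. View photo
    ("POST", "/camera/photos"): "photo_write",  # 2. Add photo
}

@dataclass(frozen=True)
class Token:
    subject: str          # client id or end-user name
    scopes: frozenset
    expires_at: float

def issue(store, value, subject, scopes, ttl=3600, now=None):
    """Record a token with its granted scopes and expiry."""
    now = time.time() if now is None else now
    store[value] = Token(subject, frozenset(scopes), now + ttl)

def authorize(store, bearer, method, path, now=None):
    """Return the HTTP status a gateway would answer with."""
    now = time.time() if now is None else now
    required = REQUIRED_SCOPE.get((method, path))
    if required is None:
        return 404                      # unknown resource: deny by default
    token = store.get(bearer)
    if token is None or token.expires_at <= now:
        return 401                      # missing, unknown or expired token
    if required not in token.scopes:
        return 403                      # valid token, insufficient scope
    return 200

def demo():
    store = {}
    # Constructed sample tokens: one embedded in the app, one obtained by a user.
    issue(store, "app-tok", "camera-app", {"photo_read"}, now=0)
    issue(store, "user-tok", "alice", {"photo_read", "photo_write"}, now=0)
    return [
        authorize(store, "app-tok", "GET", "/camera/photos", now=10),     # view with app token
        authorize(store, "app-tok", "POST", "/camera/photos", now=10),    # add with app token
        authorize(store, "user-tok", "POST", "/camera/photos", now=10),   # add with user token
        authorize(store, "user-tok", "POST", "/camera/photos", now=4000), # expired user token
    ]

if __name__ == "__main__":
    print(demo())
```

The decision depends only on the scopes a token carries, not on whether it is labelled an application or a user token.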
