No, I think we can keep 2.X as it is and remove this from 3.0.0 onward. As
mentioned, we do not have this in 3.0.0.
The intention of this mail is to communicate that change to all devs.

Thanks,
sanjeewa.

On Thu, Mar 29, 2018 at 9:46 PM, Nuwan Dias <[email protected]> wrote:

> +1. In API Manager 3.0 we did not introduce such a concept anyway. Are you
> suggesting we remove this from 2.x as well?
>
> On Thu, 29 Mar 2018 at 1:17 pm, Sanjeewa Malalgoda <[email protected]>
> wrote:
>
>> Hi All,
>> In API Manager we have the application access token and user access token
>> concepts. An application access token is the token obtained using the
>> resource owner grant type. A user access token is the token obtained by a
>> user (who can be the application owner or someone else) by using any grant
>> type. Initially we introduced this feature to control resource-level access
>> of APIs.
>>
>> As an example, we can think of one API (camera API) which has 2
>> resources (1. View photo 2. Add photo). Then we will need to let users view
>> photos without logging in to the system (which means obtaining a token for
>> the user). In that case we can limit the view resource to the application
>> access token and mandate the use of a user token to add a photo. This way we
>> can maintain resource access control.
>>
>> With the scopes concept we can still do the same. We can give the read scope
>> to view photo and generate a token for that, embedded with the app. If a user
>> needs to take a photo then he will have to get a token with the write (access
>> add photo) scope. In the OAuth spec also we cannot see this type of
>> differentiation. So considering all these, shall we remove the application
>> access token concept from API Manager? Any limitations with this?
>>
>> Thanks,
>> sanjeewa.
>>
>>
>> --
>>
>> *Sanjeewa Malalgoda*
>> WSO2 Inc.
>> Mobile : +94713068779
>>
>> blog: http://sanjeewamalalgoda.blogspot.com/
>>
>>
>> --
> Nuwan Dias
>
> Software Architect - WSO2, Inc. http://wso2.com
> email : [email protected]
> Phone : +94 777 775 729
>



-- 

*Sanjeewa Malalgoda*
WSO2 Inc.
Mobile : +94713068779

blog: http://sanjeewamalalgoda.blogspot.com/
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
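
Added example, not part of the original thread and not WSO2 code: the camera API from the thread modelled under both the token-type rule and the scope rule, with a check that reports where the two disagree. The resource paths, token fields and the scope names "read" and "write" are constructed for illustration.

```python
# Added illustration; resource table, token fields and scope names are constructed.
from typing import NamedTuple

class Token(NamedTuple):
    kind: str    # "application" or "user" (the 2.x-style distinction in the thread)
    scope: str   # space-delimited scope string, as in RFC 6749 section 3.3

# Camera API from the thread: (method, path) -> policy under each model.
TOKEN_TYPE_POLICY = {
    ("GET", "/photos"): {"application", "user"},   # view photo: either token kind
    ("POST", "/photos"): {"user"},                 # add photo: user token only
}
SCOPE_POLICY = {
    ("GET", "/photos"): "read",
    ("POST", "/photos"): "write",
}

def allowed_by_token_type(token, method, path):
    """Old model: the decision depends on which kind of token was presented."""
    return token.kind in TOKEN_TYPE_POLICY.get((method, path), set())

def allowed_by_scope(token, method, path):
    """Scope model: the decision depends only on the scopes granted to the token."""
    required = SCOPE_POLICY.get((method, path))
    if required is None:              # unknown resource: default deny
        return False
    return required in token.scope.split()   # exact match, not substring

def compare_models(tokens):
    """Return every (token, method, path, old, new) where the models disagree."""
    diffs = []
    for tok in tokens:
        for method, path in TOKEN_TYPE_POLICY:
            old = allowed_by_token_type(tok, method, path)
            new = allowed_by_scope(tok, method, path)
            if old != new:
                diffs.append((tok, method, path, old, new))
    return diffs

# Constructed tokens, issued the way the thread proposes.
EMBEDDED_APP = Token("application", "read")
LOGGED_IN_USER = Token("user", "read write")
# Constructed edge case: a user token that was issued without the write scope.
READ_ONLY_USER = Token("user", "read")

if __name__ == "__main__":
    print(compare_models([EMBEDDED_APP, LOGGED_IN_USER]))
    print(compare_models([READ_ONLY_USER]))
```

The two models agree only while scope issuance mirrors the token kind; a user token issued without the write scope is accepted by the token-type rule and rejected by the scope rule.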
