I think we can quickly implement these functionalities as we already have the service provider data. At the moment we don't have a plan for this improvement. However we have to carefully review what to allow and not. Else users will look for more and more support from API store which can complicate things.
On Tue, Jul 30, 2019 at 8:05 AM Johann Nallathamby <[email protected]> wrote: > APIM Team, > > We have some additional OAuth2 service provider configurations that are > seen in management console, but not in API Store. When do we plan to > support these in the API Store? > > 1. PKCE - This is a de facto standard now for mobile app security. > 2. Access/refresh/id token expiry times. > 3. Renew refresh tokens on use (found in IS) > 4. Authentication without client secret > > There are few more in the management console but I am not sure of its > applicability in API Store. > > Regards, > Johann. > > -- > *Johann Dilantha Nallathamby* | Associate Director/Solutions Architect | > WSO2 Inc. > (m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) [email protected] > [image: Signature.jpg] > -- *Harsha Kumara* Technical Lead, WSO2 Inc. Mobile: +94775505618 Email: [email protected] Blog: harshcreationz.blogspot.com GET INTEGRATION AGILE Integration Agility for Digitally Driven Business
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
