IMO I don't see any difference.. both are access tokens... 1. Application Access Token --> Access token used by the person who creates the Application 2. User Acces Token --> Access token used by the rest.
IMHO we should no differentiate the application owners token from others at this level. It should be at the scope level... Thanks & regards, -Prabath On Thu, Jan 10, 2013 at 4:23 PM, Sanjeewa Malalgoda <[email protected]>wrote: > Hi, > > On Thu, Jan 10, 2013 at 4:03 PM, Prabath Siriwardena <[email protected]>wrote: > >> Hi Sanjeewa, >> >> Can you please explain what is the application token and what is the user >> token... > > > When someone come to API store he can generate new application by bundling > few APIs. So he can generate *Application access token,* consumer key and > consumer secret key. With given application token App creator can invoke > apis available with created Application. > > We can get *User access token* by passing consumer key, consumer secret > key and user credentials. Clients are using this key to invoke APIs. > > Advantage of having different life time is we do not want to re generate > application access token frequently. Same time we can enforce users to > login again and get new tokens after some time. Usually application access > key is used by app developer and it should have long life time. > > >> Thanks & regards, >> -Prabath >> >> >> On Thu, Jan 10, 2013 at 2:19 PM, Sanjeewa Malalgoda <[email protected]>wrote: >> >>> Hi All, >>> What do you think about $subject. I think this would be useful feature >>> for some scenarios. Let say we need to have user token with shorter life >>> time and application token with long life time. In such scenarios we can >>> use this option. What do you think about adding new configuration to OAuth >>> section of identity.xml? Configuration would be like this. We can use -1 to >>> indicate that token should not expire. >>> >>> <AccessTokenDefaultValidityPeriod>3600</AccessTokenDefaultValidityPeriod> >>> >>> <ApplicationAccessTokenDefaultValidityPeriod>36000</AccessTokenDefaultValidityPeriod> >>> >>> WDYT? >>> >>> Thanks. >>> -- >>> *Sanjeewa Malalgoda* >>> WSO2 Inc. >>> Mobile : +14084122175 | +94713068779 >>> >>> <http://sanjeewamalalgoda.blogspot.com/>blog >>> :http://sanjeewamalalgoda.blogspot.com/<http://sanjeewamalalgoda.blogspot.com/> >>> >> >> >> >> -- >> Thanks & Regards, >> Prabath >> >> Mobile : +94 71 809 6732 >> >> http://blog.facilelogin.com >> http://RampartFAQ.com >> > > > > -- > *Sanjeewa Malalgoda* > WSO2 Inc. > Mobile : +14084122175 | +94713068779 > > <http://sanjeewamalalgoda.blogspot.com/>blog > :http://sanjeewamalalgoda.blogspot.com/<http://sanjeewamalalgoda.blogspot.com/> > -- Thanks & Regards, Prabath Mobile : +94 71 809 6732 http://blog.facilelogin.com http://RampartFAQ.com
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
