>From what I found the "basic_info" permission/scope has a set of attributes which seem to uniquely identify the user. E.g. id, username, etc. But it is said that on the web this permission is always implied with every request and isn't required. So I guess there are no other attributes which can uniquely identify a user in FB. So I would think you don't need a scope field in the UI.
Because if there are permissions/scopes that retrieve an attribute that uniquely identifies a FB user then a service provider may always wish to use that particular attribute value as the federated identity. On Sat, Mar 29, 2014 at 12:29 AM, Prasad Tissera <[email protected]> wrote: > I'll remove the endpoint fields form the configuration page. And for > client secret, default zeros and a option to view it. > > Currently client secret stored in the table as it is. Will work on to > encrypt it. > > Do we need the scope field to be able to customize? Since we currently > only need Facebook user Id, "email" scope is enough. Will there be any > scenarios we need to change the scope parameter? > > > > > On Fri, Mar 28, 2014 at 7:05 PM, Prabath Siriwardena <[email protected]>wrote: > >> When did you last type in an OAuth secret ? :-) No one doing it... You >> just copy - paste... anyway +1 to have that... >> >> We need to hide the Oauth secret issued by us to0 - in the same way >> API manager is doing.... >> >> Thanks & regards, >> -Prabath >> >> On Fri, Mar 28, 2014 at 7:01 PM, Johann Nallathamby <[email protected]> >> wrote: >> > I think it is better to have any secret values in text boxes >> represented by >> > dots by default, but also be able to show them by clicking a check box. >> > Otherwise secrets like oauth2 client secrets are quite long and it is >> hard >> > to verify if we have typed it correctly. >> > >> > >> > On Fri, Mar 28, 2014 at 6:32 PM, Prabath Siriwardena <[email protected]> >> > wrote: >> >> >> >> Please remove following from the UI.. >> >> >> >> Token Endpoint / User Info Endpoint / Authorization Endpoint.. >> >> >> >> Also please make the text box type to password - for the client >> secret.. >> >> >> >> How do we store client secret ? Please make sure we encrypt it before >> >> storing.. >> >> >> >> -- >> >> Thanks & Regards, >> >> Prabath >> >> >> >> Twitter : @prabath >> >> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena >> >> >> >> Mobile : +94 71 809 6732 >> >> >> >> http://blog.facilelogin.com >> >> http://blog.api-security.org >> > >> > >> > >> > >> > -- >> > Thanks & Regards, >> > >> > Johann Dilantha Nallathamby >> > Senior Software Engineer >> > Integration Technologies Team >> > WSO2, Inc. >> > lean.enterprise.middleware >> > >> > Mobile - +94777776950 >> > Blog - http://nallaa.wordpress.com >> >> >> >> -- >> Thanks & Regards, >> Prabath >> >> Twitter : @prabath >> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena >> >> Mobile : +94 71 809 6732 >> >> http://blog.facilelogin.com >> http://blog.api-security.org >> > > > > -- > Prasad Tissera > Software Engineer. > Mobile : +94777223444 > -- Thanks & Regards, *Johann Dilantha Nallathamby* Senior Software Engineer Integration Technologies Team WSO2, Inc. lean.enterprise.middleware Mobile - *+94777776950* Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
