Hi, On the API Store UI, whenever you generate credentials for an Application it also generates for you an OAuth 2.0 Access Token. This Access Token shouldn't ideally be used by any Application because its basically a token we generate for testing purposes (i.e for the API Console to work).
However, I have seen this token been misused by many by hardcoding it in their Apps, etc. Which potentially compromises the security of those Applications as well. Should we remove it from the UI completely? Or maybe make it pretty obvious on the UI that the token is a "Test" Access Token? Thanks, NuwanD. -- Nuwan Dias Technical Lead - WSO2, Inc. http://wso2.com email : [email protected] Phone : +94 777 775 729
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
