+1 to keep the token as a "Test" Access Token. On Tue, Mar 22, 2016 at 10:03 PM, Nuwan Dias <[email protected]> wrote:
> Hi, > > On the API Store UI, whenever you generate credentials for an Application > it also generates for you an OAuth 2.0 Access Token. This Access Token > shouldn't ideally be used by any Application because its basically a token > we generate for testing purposes (i.e for the API Console to work). > > However, I have seen this token been misused by many by hardcoding it in > their Apps, etc. Which potentially compromises the security of those > Applications as well. Should we remove it from the UI completely? Or maybe > make it pretty obvious on the UI that the token is a "Test" Access Token? > > Thanks, > NuwanD. > > -- > Nuwan Dias > > Technical Lead - WSO2, Inc. http://wso2.com > email : [email protected] > Phone : +94 777 775 729 > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Roshan Wijesena. Senior Software Engineer-WSO2 Inc. Mobile: *+94719154640* Email: [email protected] *WSO2, Inc. :** wso2.com <http://wso2.com/>* lean.enterprise.middleware.
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
