I don’t think we should remove it, because it makes thing easy to test. May we what we can do is a) Call this a TEST token as opposed to access token (the label , the button) b) Move the test generation elsewhere not so close to the key/secret generation.
Isabelle. > On Mar 22, 2016, at 5:45 PM, Roshan Wijesena <ros...@wso2.com> wrote: > > +1 to keep the token as a "Test" Access Token. > > On Tue, Mar 22, 2016 at 10:03 PM, Nuwan Dias <nuw...@wso2.com > <mailto:nuw...@wso2.com>> wrote: > Hi, > > On the API Store UI, whenever you generate credentials for an Application it > also generates for you an OAuth 2.0 Access Token. This Access Token shouldn't > ideally be used by any Application because its basically a token we generate > for testing purposes (i.e for the API Console to work). > > However, I have seen this token been misused by many by hardcoding it in > their Apps, etc. Which potentially compromises the security of those > Applications as well. Should we remove it from the UI completely? Or maybe > make it pretty obvious on the UI that the token is a "Test" Access Token? > > Thanks, > NuwanD. > > -- > Nuwan Dias > > Technical Lead - WSO2, Inc. http://wso2.com <http://wso2.com/> > email : nuw...@wso2.com <mailto:nuw...@wso2.com> > Phone : +94 777 775 729 <tel:%2B94%20777%20775%20729> > _______________________________________________ > Dev mailing list > Dev@wso2.org <mailto:Dev@wso2.org> > http://wso2.org/cgi-bin/mailman/listinfo/dev > <http://wso2.org/cgi-bin/mailman/listinfo/dev> > > > > > -- > Roshan Wijesena. > Senior Software Engineer-WSO2 Inc. > Mobile: +94719154640 > Email: ros...@wso2.com <mailto:ros...@wso2.com> > <> > WSO2, Inc. : wso2.com <http://wso2.com/> > lean.enterprise.middleware. > _______________________________________________ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
