A confidential application in an OAuth2 flow is an application which requires client authentication before retrieving an access token.

According to the current implementation, we can define confidential applications just per grant type, i.e. we can define that all applications which use the authorization code grant should be confidential. We do not have the flexibility to decide whether a specific application should be confidential or not.

As a solution, we can bring this config to the UI and have a per-application configuration in the UI. If we bring this option to the UI level / per application, we can define the confidentiality of an application, but in contrast we will miss the ability to define whether a specific type of grant should be confidential or not for a specific application. In order to cater for both application-level and grant-type-level confidentiality, we may need to have configurations per grant type.

WDYT?

--
Hasintha Indrajee
WSO2, Inc.
Mobile:+94 771892453
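The per-application, per-grant-type setting proposed in this mail, sketched as an added example (not part of the original message and not WSO2 code). The `Application` model, the `GRANT_TYPE_DEFAULTS` table and the function names are hypothetical, and all sample values are constructed.

```python
import hmac
from dataclasses import dataclass, field

# Server-wide setting, as in the current behaviour the mail describes:
# confidentiality is decided per grant type for every application.
# (Constructed sample values, not WSO2's real configuration.)
GRANT_TYPE_DEFAULTS = {
    "authorization_code": True,
    "refresh_token": True,
    "password": False,
}

@dataclass
class Application:  # hypothetical model of one registered OAuth2 client
    client_id: str
    client_secret: str  # plain text only for brevity; store a hash in practice
    # Proposed per-application, per-grant-type setting; missing = inherit.
    confidential: dict = field(default_factory=dict)

def requires_client_auth(app: Application, grant_type: str) -> bool:
    """Resolve the effective setting for this app and grant type."""
    if grant_type in app.confidential:
        return app.confidential[grant_type]
    # Fail closed: a grant type nobody configured demands authentication.
    return GRANT_TYPE_DEFAULTS.get(grant_type, True)

def check_token_request(app, grant_type, presented_secret=None) -> str:
    """Return "ok" or the RFC 6749 error code "invalid_client"."""
    if presented_secret is not None:
        # A presented secret is always verified, even where it is optional.
        ok = hmac.compare_digest(presented_secret.encode(),
                                 app.client_secret.encode())
        return "ok" if ok else "invalid_client"
    return "invalid_client" if requires_client_auth(app, grant_type) else "ok"

# Constructed sample applications.
spa = Application("spa-app", "unused", {"authorization_code": False})
backend = Application("backend-app", "s3cr3t-sample")

if __name__ == "__main__":
    for app in (spa, backend):
        for gt in ("authorization_code", "refresh_token", "password"):
            print(app.client_id, gt, check_token_request(app, gt))
```

The `spa` application is exempt from client authentication only for the authorization code grant and still inherits the server-wide requirement for refresh tokens, which is the combination neither a grant-type-only nor an application-only switch can express.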
