IMO, a UI looks like below would solve the problem.
*State 1*
☑ All
☑ Authorization Code
☑ Implicit
*State 2*
☐ All
☑ Authorization Code
☐ Implicit
And we don't need to globally make a grant type confidential right? IMO we
can get rid of it since it makes thing bit complex. Do we have a real use
case for that?
On Thu, Jan 4, 2018 at 2:10 PM, Hasintha Indrajee <[email protected]> wrote:
> A confidential application in OAuth2 flow is an application which requires
> client authentication before retrieving an access token.
>
> According to current implementation we can define confidential
> applications just per grant type. ie we can define all applications which
> use authorization code grant should be confidential. We do not have the
> flexibility to decide whether a specific application should be confidential
> or not.
>
> As a solution we can bring this config to UI and have a per application
> configuration in UI. If we bring this option to UI level / per application,
> we can define confidentiality of an application, but in contrast we will
> miss the ability to define whether a specific type of grant should be
> confidential or not for a specific application.
>
> In order to cater both application and grant type level confidentiality we
> may need to have configurations per grant type. WDYT ?
>
>
> --
> Hasintha Indrajee
> WSO2, Inc.
> Mobile:+94 771892453 <+94%2077%20189%202453>
>
>
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
--
*Best Regards*
*Rushmin Fernando*
*Technical Lead*
WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware
mobile : +94775615183
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
