On Thu, Jan 4, 2018 at 2:38 PM, Rushmin Fernando <[email protected]> wrote:
> IMO, a UI looks like below would solve the problem. > > *State 1* > > ☑ All > ☑ Authorization Code > ☑ Implicit > > *State 2* > > ☐ All > ☑ Authorization Code > ☐ Implicit > > > And we don't need to globally make a grant type confidential right? IMO we > can get rid of it since it makes thing bit complex. Do we have a real use > case for that? > > > > > On Thu, Jan 4, 2018 at 2:10 PM, Hasintha Indrajee <[email protected]> > wrote: > >> A confidential application in OAuth2 flow is an application which >> requires client authentication before retrieving an access token. >> >> According to current implementation we can define confidential >> applications just per grant type. ie we can define all applications which >> use authorization code grant should be confidential. We do not have the >> flexibility to decide whether a specific application should be confidential >> or not. >> >> As a solution we can bring this config to UI and have a per application >> configuration in UI. If we bring this option to UI level / per application, >> we can define confidentiality of an application, but in contrast we will >> miss the ability to define whether a specific type of grant should be >> confidential or not for a specific application. >> >> In order to cater both application and grant type level confidentiality >> we may need to have configurations per grant type. WDYT ? >> >> >> -- >> Hasintha Indrajee >> WSO2, Inc. >> Mobile:+94 771892453 <+94%2077%20189%202453> >> >> >> _______________________________________________ >> Dev mailing list >> [email protected] >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > *Best Regards* > > *Rushmin Fernando* > *Technical Lead* > > WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware > > mobile : +94775615183 > > > -- Hasintha Indrajee WSO2, Inc. Mobile:+94 771892453
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
