Hi Hasintha, On Thu, Jan 4, 2018 at 2:10 PM, Hasintha Indrajee <[email protected]> wrote:
> A confidential application in OAuth2 flow is an application which requires > client authentication before retrieving an access token. > > According to current implementation we can define confidential > applications just per grant type. ie we can define all applications which > use authorization code grant should be confidential. We do not have the > flexibility to decide whether a specific application should be confidential > or not. > > As a solution we can bring this config to UI and have a per application > configuration in UI. If we bring this option to UI level / per application, > we can define confidentiality of an application, but in contrast we will > miss the ability to define whether a specific type of grant should be > confidential or not for a specific application. > > In order to cater both application and grant type level confidentiality we > may need to have configurations per grant type. WDYT ? > IMO, It is enough to have the configuration in SP level. We can cater the grant type wise confidentiality by creating Service Providers per grant type. Thanks Isura. > > > -- > Hasintha Indrajee > WSO2, Inc. > Mobile:+94 771892453 <+94%2077%20189%202453> > > -- *Isura Dilhara Karunaratne* Associate Technical Lead | WSO2 Email: [email protected] Mob : +94 772 254 810 Blog : http://isurad.blogspot.com/
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
