What would be the default values of client authentication? We need to look into IS-KM scenario as well where the SP is generated upon key generation.
Also, would there be options to support this with dynamic client registration as well ? Regards, TharinduE On Fri, Jan 5, 2018 at 9:53 AM, Isura Karunaratne <[email protected]> wrote: > Hi Hasintha, > > On Thu, Jan 4, 2018 at 2:10 PM, Hasintha Indrajee <[email protected]> > wrote: > >> A confidential application in OAuth2 flow is an application which >> requires client authentication before retrieving an access token. >> >> According to current implementation we can define confidential >> applications just per grant type. ie we can define all applications which >> use authorization code grant should be confidential. We do not have the >> flexibility to decide whether a specific application should be confidential >> or not. >> >> As a solution we can bring this config to UI and have a per application >> configuration in UI. If we bring this option to UI level / per application, >> we can define confidentiality of an application, but in contrast we will >> miss the ability to define whether a specific type of grant should be >> confidential or not for a specific application. >> >> In order to cater both application and grant type level confidentiality >> we may need to have configurations per grant type. WDYT ? >> > > IMO, It is enough to have the configuration in SP level. > > We can cater the grant type wise confidentiality by creating Service > Providers per grant type. > > Thanks > Isura. > > >> >> >> -- >> Hasintha Indrajee >> WSO2, Inc. >> Mobile:+94 771892453 <+94%2077%20189%202453> >> >> > > > -- > > *Isura Dilhara Karunaratne* > Associate Technical Lead | WSO2 > Email: [email protected] > Mob : +94 772 254 810 <+94%2077%20225%204810> > Blog : http://isurad.blogspot.com/ > > > > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Tharindu Edirisinghe Senior Software Engineer | WSO2 Inc Platform Security Team Blog : http://tharindue.blogspot.com mobile : +94 775181586
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
