Hi
On Tue, May 9, 2017 at 10:31 AM, Farasath Ahamed wrote:
>
>
> On Tuesday, May 9, 2017, Isura Karunaratne wrote:
>
>> Hi Fara,
>>
>> I think we can use the following way to fix the problem.
>>
>>
>> - Check whether an OAuth application is registered for the SP in
>>   doPreUpdateApplication method, if no
On Tuesday, May 9, 2017, Isura Karunaratne wrote:
> Hi Fara,
>
> I think we can use the following way to fix the problem.
>
>
> - Check whether an OAuth application is registered for the SP in
>   doPreUpdateApplication method, if not, return and skip the following steps.
> - Get the value of SaaS property in
Hi Hasanthi,
On Tue, May 9, 2017 at 8:41 AM, Hasanthi Purnima Dissanayake <
hasan...@wso2.com> wrote:
> Hi Sathya,
>
> Does the spec [1] contain any detail about access token revocation?
>
> According to the OAuth 2 spec, revocation of a refresh token should also
> invalidate all access tokens b
Hi Fara,
I think we can use the following way to fix the problem.
- Check whether an OAuth application is registered for the SP in doPreUpdateApplication
method, if not, return and skip the following steps.
- Get the value of SaaS property in
ApplicationMgtListener.doPreUpdateApplication()
- *value1*
Hi Sathya,
Does the spec [1] contain any detail about access token revocation?
> It is evident that we should revoke the refresh token such that the user is not
> permitted to obtain further access tokens for the application.
Yes, it is obvious that we should not allow to generate access tokens using
On Monday, May 8, 2017, Pulasthi Mahawithana wrote:
> Hi Sathya,
>
> I think it would be better to do this with an application mgt listener
> rather than doing this at the validation time. We can use an
> "ApplicationMgtListener.doPostUpdateApplication()"[1] implementation and
> invalidate all the
Hi Sathya,
I think it would be better to do this with an application mgt listener
rather than doing this at the validation time. We can use an
"ApplicationMgtListener.doPostUpdateApplication()"[1] implementation and
invalidate all the tokens issued to users from other tenants when the
application is
Hi All,
This is in relation to issue [1] which happens when using a valid access
token issued to a SaaS enabled application (application in a separate
domain. User from another tenant domain). After disabling SaaS, it is still
possible to use the same access token to access the UserInfo endpoint f