Hi Nuwan,
Yes, the token is generated through a method provided through the interface.
Until now we have been calling that method and returning the token with the
output. Will change the behaviour such that if the token response is null,
the token details will be omitted from the output (rather than sending null
for token details).

On Saturday, March 7, 2015, Nuwan Dias <nuw...@wso2.com> wrote:

>
>
> On Fri, Mar 6, 2015 at 5:58 PM, Amila De Silva <ami...@wso2.com> wrote:
>
>> Hi,
>>
>> Currently in API Store, when a user clicks on the Generate button after
>> subscribing to an API, the following two operations happen in a single call:
>>
>> a. Getting a Consumer key and a secret for the application.
>> b. Generating an Access Token.
>>
>> However, when integrating with external Authorization Servers, there can
>> be scenarios where the Authorization Server doesn’t allow generating
>> Application Tokens. As there won’t be an access token to be shown in the
>> UI in such cases, an option should be given to configure creating the
>> Access Token.
>>
>> Two options can be provided to control this behaviour;
>>
>> 1. Creating client details and Access Token using two separate calls
>>
>> When the user clicks on the Generate button, only the Consumer ID and Secret
>> will be generated. Then the user would have to click on another button to
>> get the Access Token. If the user doesn’t need the Access Token they can
>> simply remove the second button from the UI.
>>
>> 2. Provide a configuration to control Application Token Creation
>>
>> When configuring the Key Manager, users can specify whether they want to
>> create an Application Token. When it’s enabled a token will be generated as
>> the Consumer Key/Secret is created, and when it’s disabled Tokens won’t be
>> created or displayed in the UI.
>>
>> Planning to go with option 2, since it involves fewer changes. Please
>> share your thoughts on this approach.
>>
> Does the access token generation at this point happen through a particular
> interface function? If so we can generate it always. If someone doesn't
> want it to be generated, they could just override that function in the
> interface and return nothing (so that field in the UI would be blank). This
> way, we can avoid introducing new configs.
>
>> --
>> *Amila De Silva*
>>
>> WSO2 Inc.
>> mobile :(+94) 775119302
>>
>>
>
>
> --
> Nuwan Dias
>
> Associate Tech Lead - WSO2, Inc. http://wso2.com
> email : nuw...@wso2.com
> Phone : +94 777 775 729
>
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture