APIM Team, We have some additional OAuth2 service provider configurations that are seen in management console, but not in API Store. When do we plan to support these in the API Store?
1. PKCE - This is a de facto standard now for mobile app security. 2. Access/refresh/id token expiry times. 3. Renew refresh tokens on use (found in IS) 4. Authentication without client secret There are few more in the management console but I am not sure of its applicability in API Store. Regards, Johann. -- *Johann Dilantha Nallathamby* | Associate Director/Solutions Architect | WSO2 Inc. (m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) joh...@wso2.com [image: Signature.jpg]
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture