Hi Shavantha.
On Fri, Dec 20, 2013 at 9:43 AM, Shavantha Weerasinghe <shavan...@wso2.com> wrote:

> Hi Johann
>
> The following scenario needs to be looked at for OAuth
>
> If the tenant or a tenant user passes the super tenant's client id,
> client secret and his own client name as
> tenantu...@tenant1.com/welcome and moves on the resource owner floor I
> was able to go through the entire floor up until the resource emails
> were shown.
>

This is how it is implemented at the moment. As the user is authenticated to the Identity Server before getting the access token, it won't make a security issue yet. But in future we can add a configuration, if needed, to restrict users to getting access tokens only from the apps registered in the user's domain.

>
> regards,
> Shavantha Weerasinghe
> Senior Software Engineer QA
> WSO2, Inc.
> lean.enterprise.middleware.
> http://wso2.com
> http://wso2.org
> Tel : 94 11 214 5345
> Fax :94 11 2145300
> _______________________________________________
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>

Thanks,
--
Ishara Karunarathna
Software Engineer
WSO2 Inc. - lean . enterprise . middleware | wso2.com
email: isha...@wso2.com, blog: isharaaruna.blogspot.com, mobile: +94 718211678
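The restriction proposed in the reply above, sketched as an added example; it is not WSO2 Identity Server code and not from either poster. The flag `restrict_to_own_domain`, the client ids and the in-memory registry are hypothetical, and usernames are assumed to take the `user@tenant-domain` form, with bare names belonging to the super tenant `carbon.super`.

```python
from dataclasses import dataclass

SUPER_TENANT = "carbon.super"  # super tenant domain name in WSO2 Carbon


@dataclass(frozen=True)
class OAuthApp:
    client_id: str
    tenant_domain: str  # domain the application was registered in


# Constructed registry: one app owned by the super tenant, one by tenant1.com.
APPS = {
    "super-app-id": OAuthApp("super-app-id", SUPER_TENANT),
    "t1-app-id": OAuthApp("t1-app-id", "tenant1.com"),
}


def tenant_of(username: str) -> str:
    """Tenant domain of 'user@domain'; a bare name is a super tenant user."""
    # rpartition splits on the LAST '@', so e-mail style user names such as
    # 'bob@example.org@tenant1.com' still resolve to the tenant domain.
    name, sep, domain = username.rpartition("@")
    if not sep:
        return SUPER_TENANT
    if not name or not domain:
        raise ValueError("malformed username")
    return domain.lower()


def may_issue_token(client_id: str, username: str,
                    restrict_to_own_domain: bool) -> bool:
    """Decide whether an authenticated user may get a token via this client."""
    app = APPS.get(client_id)
    if app is None:
        return False  # unknown client: never issue
    if not restrict_to_own_domain:
        return True  # behaviour described in the thread: any tenant's user
    try:
        return tenant_of(username) == app.tenant_domain.lower()
    except ValueError:
        return False  # fail closed on names that cannot be attributed
```

With the flag off, a tenant1.com user is accepted through the super tenant's client, which is the scenario reported in the thread; with it on, the same request is refused.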