Hi Nuwan,

We are going forward with not encrypting the consumer key. Work on this
has started and will be tracked via [1].
There are a few more encryption concerns related to session store and
authorization code storage as well. Will provide the details of the
approach to be taken ASAP.

[1] - https://wso2.org/jira/browse/IDENTITY-4088

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Tue, Nov 17, 2015 at 10:39 AM, Nuwan Dias <nuw...@wso2.com> wrote:

> Hi IS folks,
>
> We talked about avoiding the encryption of the consumer key to avoid the
> issue originally raised on this mail thread. Are we going ahead with that
> decision? It still encrypts it on carbon-identity_5.0.2 release.
>
> Please note that this results in a blocking issue for the release of API
> Manager 1.10.0. Therefore we either need to stop encrypting it altogether
> or find another solution for this problem. And we need it ASAP :)
>
> Thanks,
> NuwanD.
>
> On Tue, Oct 20, 2015 at 2:38 PM, Nuwan Dias <nuw...@wso2.com> wrote:
>
>> Hi,
>>
>> When we enable key encryption for OAuth keys, the clientId is encrypted
>> in the IDN_OAUTH_CONSUMER_APPS table. But it is left in plain text in the
>> INBOUND_AUTH_KEY column of the SP_INBOUND_AUTH table. This happens in
>> carbon-identity_4.6.0-M2 release. Should not values in both columns be
>> encrypted?
>>
>> Thanks,
>> NuwanD.
>>
>> --
>> Nuwan Dias
>>
>> Technical Lead - WSO2, Inc. http://wso2.com
>> email : nuw...@wso2.com
>> Phone : +94 777 775 729
>>
>
>
>
> --
> Nuwan Dias
>
> Technical Lead - WSO2, Inc. http://wso2.com
> email : nuw...@wso2.com
> Phone : +94 777 775 729
>
> _______________________________________________
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>