Imutable service/client ID

[yonatandt]

The service-providers and clients should have a unique ID that does not change.

Currently it changes with Renew Credentials button. Therefore the client will have to go and get all of his scopes again for his new Client ID, and if this service is also a service-providers, all of his clients would have to get their scopes again.

It also will be difficult for the service-providers to track their different clients (#85 will also help).

[ShragaUser]

The more important issue isn't the changing of the clientId / secret. As long as the _id (and alias) stay the same so clients can retain credentials.

Also I would make "renew credentials" a more difficult action to accomplish. ( Maybe a 2 step request etc... )

[shakedmanes]

When you perform Renew Credentials operation, Only the client id and client secret are affected. Therefore your users will not be affected by this operation, but only your deployments (for changing the client id and client secret)

The scopes for your client is saved in different way (using the audienceId property which is unique and currently does not changed).

By that way, the Renew Credentials does not affect changes in your business logic and you should not be worried about it.

You will use Renew Credentials only when your client credentials are compromised or when exceeded the token limit (which is right now 10 tokens per day) and need tokens ASAP (if your deployment crashed or lost all your token, etc.)

Also, in the next release, we will update more comprehensive way to manage scopes and clients so don't worry :)

About the Renew Credentials operation, when the user clicks the button to renew credentials, there is a prompt which validating if the user is concerned about the consequences regarding the operation (new client id and client secret, and all access tokens belonging to the client, will be deleted from our db) so I think its basically enough difficulty for the renew credentials operation.