Page MenuHomePhabricator

Administrator limits number of client IDs per Client Developer
Open, Needs TriagePublic

Description

"As an Administrator, I want to limit the number of client IDs that each Client Developer can register, to prevent misuse of the authentication system."

A typical form of misuse would be registering multiple client IDs for the same app to get around API rate limits. Another form would be overloading the client ID approval process.

@BPirkle checked the database and found a max number of client IDs per developer account at 56. We think 100 client IDs should cover legitimate needs for most developers, but this should probably be configurable by a user right.