User stories: epic 4, stories 3, 5, and 8
#### Requirements for app management flow
- List my apps
- Display app details (name, description, client ID, rate limit)
- Provide an option to reset a client secret
- Provide an option to disable an app
#### [Prototype](https://zl8v18.axshare.com/#id=uwqv8b&p=my_account_key_manage)
| --- |--- |--- |--- |
|{F31820297} |{F31820299} |{F31820301} | {F31820303}
#### Terminology
**app**
“App” is synonymous with “client”.
**client ID**
A value created when registering a client in the API Portal. A user can access the client ID for their client when logged in to the API Portal.
**client secret**
A value created when registering an app in the API Portal. A client secret is shown to the user once on creation and can only be accessed again by resetting it.
**access token**
A value generated in one of two ways:
* Created by the API Portal when registering a client authorized to act on behalf of a single user (the user creating the client). In this case, the access token has identical rights, roles, and permissions to that user. An access token generated in this way is shown to the user once on creation and can only be accessed again by resetting it.
* Created by an OAuth Extension API request /oauth/access_token as part of a user-authorization flow
**rate limit**
A rate limit is applied to a client based on client ID. Rate limits can differ between clients, so a user should be able to see the rate limit for each of their clients when logged in to the API Portal.
#### Questions
* ~~Should we include options to update the Public RSA key and allowed IP ranges as shown above?~~
* No, these options aren't included in the Create app flow.
* The prototype shows an option to delete an app. Is this supported by the OAuth extension?
#### References
Update consumer options on Meta:
{F31744982}