Hi Sewmini, On Tue, Mar 31, 2015 at 10:39 AM, Sewmini Jayaweera <[email protected]> wrote:
> Hi, > > When adding an API in the manage stage user has an option to set an auth > type for each resource [1]. > > Below I have mentioned the auth types available and the functionality of > auth types as i understood; > > 1. *Application* - once resource is given application auth type only > the access token of the application owner can be used to access the > particular resource. > > Once a resource is given Application auth type, it can only be accessed by an Application Access Token. If the Application Creator gets a token through the store UI, then the token becomes an Application Access Token. But if the same user gets it by calling token API, token is considered as a User Token. > > 1. *Application user* - Any registered user other *than application > owner* can generate access token using consumer key and secret of the > application and particular user's user credentials and can invoke resource > using the access token. > 2. *None * - No access tokens are required in order to access > resources having non auth type. > > Can someone please tell me whether above mentioned functionality is > correct, if so in a scenario where resource is given 'application user' > auth type why can't application owner act as an application user ? > > [1] > https://docs.wso2.com/download/attachments/41747085/API-resources.png?version=1&modificationDate=1410272431000&api=v2 > > ThankS & Regards, > Sewmini > > > Sewmini Jayaweera > *Software Engineer - QA Team* > Mobile: +94 (0) 773 381 250 > [email protected] > -- *Amila De Silva* WSO2 Inc. mobile :(+94) 775119302
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
