If the application owner requests a user token for his own application, he will get an application token instead of a user token. So you may be considered as the application owner and the token will be an application token. Then you may not be able to access a resource specified with the application user access level. And an application owner accessing APIs as an application user is very rare in real use cases.

Thanks,
sanjeewa.

On Tue, Mar 31, 2015 at 11:18 AM, Sewmini Jayaweera <[email protected]> wrote:

> Hi Amila,
>
> Once we have specified resource auth type as 'application user', can
> application owner invoke token API, get an access token and invoke the
> particular resource? In that scenario application owner will also be
> considered as another application user and should be able to invoke the
> resource, is it?
>
> Sewmini Jayaweera
> *Software Engineer - QA Team*
> Mobile: +94 (0) 773 381 250
> [email protected]
>
> On Tue, Mar 31, 2015 at 10:59 AM, Amila De Silva <[email protected]> wrote:
>
>> Hi Sewmini,
>>
>> On Tue, Mar 31, 2015 at 10:39 AM, Sewmini Jayaweera <[email protected]>
>> wrote:
>>
>>> Hi,
>>>
>>> When adding an API in the manage stage user has an option to set an auth
>>> type for each resource [1].
>>>
>>> Below I have mentioned the auth types available and the functionality of
>>> auth types as I understood;
>>>
>>> 1. *Application* - once resource is given application auth type only
>>> the access token of the application owner can be used to access the
>>> particular resource.
>>>
>> Once a resource is given Application auth type, it can only be accessed
>> by an Application Access Token. If the Application Creator gets a token
>> through the store UI, then the token becomes an Application Access Token.
>> But if the same user gets it by calling token API, token is considered as a
>> User Token.
>>
>>>
>>> 1. *Application user* - Any registered user other *than application
>>> owner* can generate access token using consumer key and secret of
>>> the application and particular user's user credentials and can invoke
>>> resource using the access token.
>>> 2. *None* - No access tokens are required in order to access
>>> resources having non auth type.
>>>
>>> Can someone please tell me whether above mentioned functionality is
>>> correct, if so in a scenario where resource is given 'application user'
>>> auth type why can't application owner act as an application user?
>>>
>>> [1]
>>> https://docs.wso2.com/download/attachments/41747085/API-resources.png?version=1&modificationDate=1410272431000&api=v2
>>>
>>> Thanks & Regards,
>>> Sewmini
>>>
>>> Sewmini Jayaweera
>>> *Software Engineer - QA Team*
>>> Mobile: +94 (0) 773 381 250
>>> [email protected]
>>>
>>
>> --
>> *Amila De Silva*
>>
>> WSO2 Inc.
>> mobile :(+94) 775119302
>>
>

--
*Sanjeewa Malalgoda*
WSO2 Inc.
Mobile : +94713068779
blog : http://sanjeewamalalgoda.blogspot.com/

_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
