Hi Amila and Sanjeewa,

Thank you for the clarifications.

Best Regards,
Sewmini Jayaweera
*Software Engineer - QA Team*
Mobile: +94 (0) 773 381 250
[email protected]

On Tue, Mar 31, 2015 at 11:23 AM, Sanjeewa Malalgoda <[email protected]> wrote:

> If application owner requested user token for his own application he will
> get application token instead of user token.
> So you may consider as application owner and token will be application
> token.
> Then you may not be able to access resource specified with application
> user access level.
> And application owner accessing APIs as application user is very rare in
> real use cases.
>
> Thanks,
> sanjeewa.
>
> On Tue, Mar 31, 2015 at 11:18 AM, Sewmini Jayaweera <[email protected]>
> wrote:
>
>> Hi Amila,
>>
>> Once we have specified resource auth type as 'application user', can
>> application owner invoke token API get an access token and invoke the
>> particular resource? In that scenario application owner will also be
>> considered as another application user and should be able to invoke the
>> resource is it?
>>
>> Sewmini Jayaweera
>> *Software Engineer - QA Team*
>> Mobile: +94 (0) 773 381 250
>> [email protected]
>>
>> On Tue, Mar 31, 2015 at 10:59 AM, Amila De Silva <[email protected]> wrote:
>>
>>> Hi Sewmini,
>>>
>>> On Tue, Mar 31, 2015 at 10:39 AM, Sewmini Jayaweera <[email protected]>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> When adding an API in the manage stage user has an option to set an
>>>> auth type for each resource [1].
>>>>
>>>> Below I have mentioned the auth types available and the functionality
>>>> of auth types as I understood;
>>>>
>>>> 1. *Application* - once resource is given application auth type
>>>> only the access token of the application owner can be used to access the
>>>> particular resource.
>>>>
>>> Once a resource is given Application auth type, it can only be accessed
>>> by an Application Access Token. If the Application Creator gets a token
>>> through the store UI, then the token becomes an Application Access Token.
>>> But if the same user gets it by calling token API, token is considered as a
>>> User Token.
>>>
>>>>
>>>> 1. *Application user* - Any registered user other *than application
>>>> owner* can generate access token using consumer key and secret of
>>>> the application and particular user's user credentials and can invoke
>>>> resource using the access token.
>>>> 2. *None* - No access tokens are required in order to access
>>>> resources having non auth type.
>>>>
>>>> Can someone please tell me whether above mentioned functionality is
>>>> correct, if so in a scenario where resource is given 'application user'
>>>> auth type why can't application owner act as an application user ?
>>>>
>>>> [1]
>>>> https://docs.wso2.com/download/attachments/41747085/API-resources.png?version=1&modificationDate=1410272431000&api=v2
>>>>
>>>> Thanks & Regards,
>>>> Sewmini
>>>>
>>>> Sewmini Jayaweera
>>>> *Software Engineer - QA Team*
>>>> Mobile: +94 (0) 773 381 250
>>>> [email protected]
>>>
>>> --
>>> *Amila De Silva*
>>>
>>> WSO2 Inc.
>>> mobile :(+94) 775119302
>
> --
>
> *Sanjeewa Malalgoda*
> WSO2 Inc.
> Mobile : +94713068779
>
> blog: http://sanjeewamalalgoda.blogspot.com/
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
