[Apiman-user] OAuth with non public API
Eric Wittmann
eric.wittmann at redhat.com
Thu Jan 14 08:34:22 EST 2016
Hi Michele.
That is correct. Typically the end-user population is tied to the API
being invoked rather than the Client (software) being used to connect.
If that is not the case, then you could configure the OAuth policy on
the Client Application rather than on the API (Service). That way you
could have a different user population for each connecting client. If
that's your use-case I'd love to hear more about it. :)
-Eric
On 1/13/2016 3:05 PM, michele danieli wrote:
> When considering non public API and applying a OAuth authentication
> policy, the application identifier must be provided using the api_key as
> a header?
>
> If so, does not it means that the user authorized client and the actual
> api consumer application have no strict relationship?
>
>
> Thanks
> Michele
>
>
> _______________________________________________
> Apiman-user mailing list
> Apiman-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/apiman-user
>
More information about the Apiman-user
mailing list