Re: [Apiman-user] OAuth with non public API
Hi Michele.
That is correct. Typically the end-user population is tied to the API
being invoked rather than the Client (software) being used to connect.
If that is not the case, then you could configure the OAuth policy on
the Client Application rather than on the API (Service). That way you
could have a different user population for each connecting client. If
that's your use-case I'd love to hear more about it. :)
-Eric
On 1/13/2016 3:05 PM, michele danieli wrote:
When considering non public API and applying a OAuth authentication
policy, the application identifier must be provided using the api_key as
a header?
If so, does not it means that the user authorized client and the actual
api consumer application have no strict relationship?
Thanks
Michele
_______________________________________________
Apiman-user mailing list
Apiman-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/apiman-user