Announcement Announcement Module
Collapse
No announcement yet.
Skip approve/deny step while generating authorization code in auth code grant type Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Skip approve/deny step while generating authorization code in auth code grant type

    Hi All,
    We have a requirement like, not to show authorize/deny step while generating authorization code in auth code grant type for some limited clients.

    Please suggest any approach to achieve this..

    Thanks in advance.
    Vishnu

  • #2
    This sounds to me like the authorization code grant type is not the type you should use.
    Client credentials would probably better fit your needs.

    HTH.

    Geert

    Comment


    • #3
      Client credentials might be more appropriate (if the use case is to act as an application, not on behalf of a user). The spec doesn't deal in much detail with how to obtain user approval, so in s2-oauth there is a strategy UserApprovalHandler which you can inject into the AuthorizationEndpoint. Maybe a custom version that always approves authenticated requests from a whitelist of clients would be useful in this case. But you should be careful to ensure that the users know what is happening, if they are accessing their resources in an unusual (for them) channel.

      Comment

      Working...
      X