IdentityModel / AuthorizationServer

Sample implementation of an OAuth2 Authorization Server

implicit flow without user authentication #220

Closed gerryddm closed 10 years ago

gerryddm commented 10 years ago

Hi,

I'm trying an implementation of AS with Identity Server v2 and a Web API v2 resource server. Is there a way to use implicit flow grant without asking for user authentication?

brockallen commented 10 years ago

Only if authentication doesn't ask for user authentication. :)

gerryddm commented 10 years ago

Sorry, since I'm really new to the topic, could you please explain how to do that?

brockallen commented 10 years ago

Well, it was meant to be tongue-in-cheek.

I guess you need to answer some questions: do you need authentication? If not, then why use AS at all? If so, then how do you determine who the user is without asking them? -- this might be possible, but you need to provide more context.

mattiaaccornero commented 10 years ago

Is it possible to split AS authentication and User Authentication?

gerryddm commented 10 years ago

@brockallen: at the moment I need to secure some generic API resources that don't need user authentication, I just want to authenticate clients. In the near future I will need user authentication as well.

brockallen commented 10 years ago

If you just want to authenticate the client then look into the client credentials flow.

gerryddm commented 10 years ago

I need to implement implicit flow because some of these APIs are gonna be called from public clients (js apps).

brockallen commented 10 years ago

Well, that's not really going to work then if you think about it...