konstjar
commented
1 year ago Alternative option would be to enable additional authentication type on WebAPI (eg "db") method.
Closed RowanErasmus closed 1 year ago
konstjar
commented
1 year ago Alternative option would be to enable additional authentication type on WebAPI (eg "db") method.
RowanErasmus
commented
1 year ago Thanks for your fast response, the db method is indeed what I also considered (after hitting the wall on my initial attempts to get it working) but I have a rather strong preference for keeping all the user management (incl. system users) in a single place. Also we are looking at a scenario where users access WebAPI through R code and we would principally like to know who is doing what without giving everybody extra credentials in the WebAPI db...
Hi,
We have WebAPI running secured with OpenID Connect and would like to access WebAPI directly from another application (so not through the UI). As far as I can tell (and of what I have tested) the current OIDC implementation only allows the code flow (indirect client) through which the user gets redirected and must enter their credentials, this is not workable for connecting from another app.
The pac4j documentation suggest to use a 'HeaderClient' for this scenario, I have implemented and tested this and it seems to work.
However, before opening a pull request etc. I though maybe to check if anybody had a way to work this without having to make code changes.
Thanks!