Reputation: 1
Can we use Application Client ID + Client Secret instead of Tokens
I want to use the combination of Application's Client ID + Client Secret for API Authentication instead of an OAuth Token.
Is it possible to do this with API Manager 4.x?
Upvotes: 0
Views: 734
Answers (2)
Reputation: 505
Alternatively, you can write a custom handler to achieve this use case.
Upvotes: 1
Reputation: 4001
Yes, that is the recommended way of getting an access token. You have to use the client id and secret, then generate and access token using those.
This is a general practice and all the API Manager versions do support this capability.
Update: You cannot just use client id and secret for authentication. The API Gateway is unable to authenticate the request with those credentials. Instead of client id and secret you can use an API key which has an infinite expiry time.
Upvotes: 0
Related Questions
- How to implement Oauth2 without sending client_secret in WSO2 APIM
- Requesting Access Token from WSO2 API Manager via Token API
- WSO2 API Manager: Can Consumer Key & Consumer Secret be exposed
- WSO2 api manager - How to manage application key and secret by multiple developers
- wso2 calling API's without token
- Server to Server Authentication in wso2 API manager
- WSO2 : application and users
- WSO2 Api Manager using 3rd party authentication service to generate access tokens
- WSO2 APIM Authentication
- WSO2 API Manager Authentication