/ Integration Zone
Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

OAuth and Authentication Type: Application vs Application User

DZone's Guide to

OAuth and Authentication Type: Application vs Application User

This article explains two options for authentication for resources in the API Cloud: Application and Application User type.

by
·
Jul. 05, 17 · Integration Zone ·
Free Resource

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

SnapLogic is the leading self-service enterprise-grade integration platform. Download the 2018 GartnerMagic Quadrant for Enterprise iPaaS or play around on the platform, risk free, for 30 days.

In the 3rd step of editing APIs in WSO2 API Cloud, you can set the required authentication type for each resource:

Image title

We have already covered None as the option to allow invoking APIs without any authentication whatsoever.  Today we will discuss the other options.

The Application type means that the API will require OAuth tokens generated with client grant type. That grant type produces tokens specific to the subscription but not the end-users.

So if there is a web- or mobile application that subscribed to this API and it has multiple end-users, they will all be sharing the same token and the API backend will not “know” which end-user is invoking the API:

The Application User type means that the API accepts OAuth tokens generated with password grant type. These tokens are specific to the end-user – they require not just the application key but also end-user’s username and password.

In this case, each end-user gets their own OAuth tokens even though they are using the same API subscription. The API Gateway then generates a JWT token and uses it to pass application and user information to the API backend:

Application and Application User type means that both kinds of tokens are acceptable by the API.

With SnapLogic’s integration platform you can save millions of dollars, increase integrator productivity by 5X, and reduce integration time to value by 90%. Sign up for our risk-free 30-day trial!

Like This Article? Read More From DZone

SAML vs. OAuth: Which One Should I Use?
Custom OAuth 2 Authentication in Apigility
Basics of Security in Oracle Mobile Cloud Service

Free DZone Refcard

RESTful API Lifecycle Management
DOWNLOAD
Topics:
integration ,authentication ,oauth

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

Integration Partner Resources

A Comprehensive Guide to the Enterprise Integration Cloud
White paper: Will the Data Lake Drown the Data Warehouse?
The Future of Enterprise Integration: Data Virtualization
The Definitive Guide to API Integrations: Explore API Integrations Below the Surface [eBook]
The State of API Integration 2018 [Report]
O'Reilly Microservice Architecture Book: Aligning Principles, Practices and Culture
Gartner Critical Capabilities Report
Modernizing Application Architectures with Microservices and APIs
Analyst Report: The Death of Traditional Data Integration

Integration Partner Resources

A Comprehensive Guide to the Enterprise Integration Cloud
White paper: Will the Data Lake Drown the Data Warehouse?
The Future of Enterprise Integration: Data Virtualization
The Definitive Guide to API Integrations: Explore API Integrations Below the Surface [eBook]

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.linkDescription }}

{{ parent.urlSource.name }}
by {{ parent.authors[0].realName || parent.author}}
· {{ parent.articleDate | date:'MMM. dd, yyyy' }} {{ parent.linkDate | date:'MMM. dd, yyyy' }}
· {{ parent.portal.name }} Zone