Hi, When adding an API in the manage stage user has an option to set an auth type for each resource [1].
Below I have mentioned the auth types available and the functionality of auth types as i understood; 1. *Application* - once resource is given application auth type only the access token of the application owner can be used to access the particular resource. 2. *Application user* - Any registered user other *than application owner* can generate access token using consumer key and secret of the application and particular user's user credentials and can invoke resource using the access token. 3. *None * - No access tokens are required in order to access resources having non auth type. Can someone please tell me whether above mentioned functionality is correct, if so in a scenario where resource is given 'application user' auth type why can't application owner act as an application user ? [1] https://docs.wso2.com/download/attachments/41747085/API-resources.png?version=1&modificationDate=1410272431000&api=v2 ThankS & Regards, Sewmini Sewmini Jayaweera *Software Engineer - QA Team* Mobile: +94 (0) 773 381 250 sewm...@wso2.com
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
