spring - Is OAuth user approval the same as user authentication?


I'm trying to look up autoApprove in Spring Boot OAuth, and there's a question here titled "Skip OAuth user approval in Spring Boot OAuth2" that talks about it. Is user approval the same thing as user authentication? In other words, when autoApprove is set to true for the client, is user authentication skipped?

Authentication and approval are not the same, see RFC 6749:

4.1.1. Authorization Request

[...] The authorization server validates the request to ensure that all required parameters are present and valid. If the request is valid, the authorization server authenticates the resource owner and obtains an authorization decision (by asking the resource owner or by establishing approval via other means).

When a decision is established, the authorization server directs the user-agent to the provided client redirection URI using an HTTP redirection response, or by other means available to it via the user-agent.

Spring OAuth2's autoApprove skips the approval (establishing approval via other means), see UserApprovalHandler.html#checkForPreApproval:

Provides a hook for allowing requests to be pre-approved (skipping the User Approval Page). Some implementations may allow users to store approval decisions so that they only have to approve a site once. This method is called in the AuthorizationEndpoint before sending the user to the Approval page. If this method sets oAuth2Request.approved to true, the Approval page will be skipped.
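The following is an added example, not part of the original answer or of Spring's own code: a custom handler that overrides the `checkForPreApproval` hook described above. It shows that the hook receives the user's `Authentication`, so the user is already logged in by the time approval is decided. The class name, client id and scope names are hypothetical.

```java
import java.util.Set;

import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.approval.DefaultUserApprovalHandler;

// Hypothetical handler for illustration (requires Java 9+ for Set.of).
// Everything except checkForPreApproval is inherited from DefaultUserApprovalHandler.
public class FirstPartyPreApprovalHandler extends DefaultUserApprovalHandler {

    // Assumed values: replace with the clients and scopes you actually trust.
    private static final Set<String> TRUSTED_CLIENTS = Set.of("first-party-web");
    private static final Set<String> PRE_APPROVED_SCOPES = Set.of("profile", "read");

    @Override
    public AuthorizationRequest checkForPreApproval(AuthorizationRequest request,
                                                    Authentication userAuthentication) {
        // Pre-approval never replaces login: the resource owner must already
        // be authenticated before any approval decision is made.
        if (userAuthentication == null || !userAuthentication.isAuthenticated()) {
            throw new InsufficientAuthenticationException(
                    "User must be authenticated before approval can be decided");
        }

        boolean trustedClient = TRUSTED_CLIENTS.contains(request.getClientId());
        // Skip the approval page only when every requested scope is on the
        // pre-approved list; anything broader still goes to the user.
        boolean scopesAllowed = !request.getScope().isEmpty()
                && PRE_APPROVED_SCOPES.containsAll(request.getScope());

        if (trustedClient && scopesAllowed) {
            request.setApproved(true); // approval page is skipped, login was not
        }
        return request;
    }
}
```

Such a handler would be registered with `AuthorizationServerEndpointsConfigurer.userApprovalHandler(...)`. Limiting pre-approval to named clients and scopes keeps the consent page in place for third-party clients.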
