Skip approve/deny step while generating authorization code in auth code grant type

**patlollavishnu** · Apr 4th, 2012, 01:40 PM

Hi All,
We have a requirement like, not to show authorize/deny step while generating authorization code in auth code grant type for some limited clients.

Please suggest any approach to achieve this..

Thanks in advance.
Vishnu

**geertp** · Apr 5th, 2012, 02:07 AM

This sounds to me like the authorization code grant type is not the type you should use.
Client credentials would probably better fit your needs.

HTH.

Geert

**Dave Syer** · Apr 5th, 2012, 02:29 AM

Client credentials might be more appropriate (if the use case is to act as an application, not on behalf of a user). The spec doesn't deal in much detail with how to obtain user approval, so in s2-oauth there is a strategy UserApprovalHandler which you can inject into the AuthorizationEndpoint. Maybe a custom version that always approves authenticated requests from a whitelist of clients would be useful in this case. But you should be careful to ensure that the users know what is happening, if they are accessing their resources in an unusual (for them) channel.

Thread: Skip approve/deny step while generating authorization code in auth code grant type

Thread Tools

Display

Skip approve/deny step while generating authorization code in auth code grant type

Posting Permissions