In order to call an API you need to consent to the appropriate permissions. As a user, this is important because you need to verify what the application is trying to access. There are ways to avoid the consent by using an Admin to consent on behalf of the whole org (usually in B2B,SaaS applications). This way, a web app can acquire tokens for an API silently without prompting the user...It's all about security
I had the same question. Not so much in regards to reduce the number of user steps, but in terms of implementing automated testing on your WebApp / WebApi.
Ex: integration testing a given Api where there are restrictions on who can see what or read/write permissions per user.
If I'm building an automated test to assert UserA and update a value and UserB can't, how does one circumvent the confirmation screen and just get the aothToken for the given user?
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
In order to call an API you need to consent to the appropriate permissions. As a user, this is important because you need to verify what the application is trying to access. There are ways to avoid the consent by using an Admin to consent on behalf of the whole org (usually in B2B,SaaS applications). This way, a web app can acquire tokens for an API silently without prompting the user...It's all about security
I had the same question. Not so much in regards to reduce the number of user steps, but in terms of implementing automated testing on your WebApp / WebApi.
Ex: integration testing a given Api where there are restrictions on who can see what or read/write permissions per user.
If I'm building an automated test to assert UserA and update a value and UserB can't, how does one circumvent the confirmation screen and just get the aothToken for the given user?