![]() That should be obvious, but I'm telling you because you seem to be a little off-track with your ideas about ExtractVariables and so on. Identifies the client that is making the request. You don't need ExtractVariables or AssignMessage.īe aware that exposing an API proxy that does not have a VerifyAccessToken policy (or VerifyAPIKey, etc) means that any client can call it. The accessToken resource returned from a refresh request will not contain a refreshtoken. If you want to allow the client to send in a request that has no authorization, then. I don't see how those policies have anything to do with your stated goal. I asked somebody they said you can do this using Extract variable and Assign message policy. For some reason when I attempt to go live to a Verified Facebook Page, I get this error: A user access token is required to request this resource. What is the point of dispensing a token to the client if the client won't subsequently use it? How will you then distinguish between authorized calls and anonymous calls if the client doesn't send a token? Hit the following request: Get resource request curl -X GET -H 'authorization: Bearer 59ddb16b-6943-42f5-8e2f-3acb23f8e3c1' It will return the response. Generating a token and sending it back to the client, only to later. Once we have the access token, we can go to the resource server to fetch protected user data. Do not include a policy like VerifyAccessToken in your proxy. Yes, well, If you don't want to require authorization, then don't configure your apiproxy to require it. I want my client got response without authorization
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |