Welcome to the Panopto Community

Please note: All new registrants to the Panopto Community Forum must be approved by a forum moderator or admin. As such, if you navigate to a feature that is members-only, you may receive an error page if your registration has not yet been approved. We apologize for any inconvenience and are approving new members as quickly as possible.

OAuth2 without basic auth. (2019-08-26)

Caitlin McCabeCaitlin McCabe Administrator

Original Poster: Lucas Goossen, August 26, 2019 at 2:21 PM

I am working on a iOS client and would like to use the Apple provided ASWebAuthenticationSession. It does not provide a way to add the Basic Auth header. Without using ASWebAuthenticationSession I would have to pop out to Safari and back. This is not ideal. We are using this app in Single App Mode.

I am not super versed in these industry standards, but using this basic auth header on top of OAuth2 seems "interesting".

I am able to use the Panopto api when authenticating via the old SOAP way. But, in this situation I need to handle the user creds myself. I would like to avoid that liability.

My question is:

Is there a way to use OAuth2 without the basic auth header?


Responses

Kevin Baum, Moderator, September 4, 2019 at 2:21 PM

Hi Lucas,

Yes, it is possible to use OAuth2 without using the basic authorization header. You can create a JavaScript Web Application client that will allow you to get an access token without sending an additional header, and without requiring a client secret value to be stored in your app. This will still return an access token, but does not allow for refreshing that token when it expires.

If you need the ability to refresh the tokens without the user logging in again, please contact your Customer Success Advocate to discuss your project in more detail.

Thanks,

Kevin

Tagged:
Sign In or Register to comment.