Implicit authentication

Implicit authentication can be used to authenticate users without explicitly interaction with a user. With this feature enabled, users can be authenticated implicitly at any time if they have previously registered with their device. This is feature can be useful for fetching personal data your users expect to be easily accessible. More sensitive data can then be accessed by authenticating the user with an authenticator.

A resource gateway can validate an implicit access token using token introspection.

Enable implicit authentication

To enable implicit authentication for your app, first head over to Configuration > Applications in your Token Server admin. Once there you can create a new application or editing one existing. Either way, to enable implicit authentication, follow these steps.

  • Under OAuth settings, enable the 'User Registration' flow.
  • Under User authentication, enable 'Implicit authentication'.

The User Registration flow must be enabled so users can register before using implicit authentication.