Implicit authentication can be used to authenticate users without explicitly interaction with a user. With this feature enabled, users can be authenticated implicitly at any time if they have previously registered with their device. This is feature can be useful for fetching personal data your users expect to be easily accessible. More sensitive data can then be accessed by authenticating the user with an authenticator.
A resource gateway can validate an implicit access token using token introspection.
Enable implicit authentication
To enable implicit authentication for your app, first head over to
Applications in your Token Server admin. Once there you can create a new
application or editing one existing. Either way, to enable implicit authentication, follow these steps.
- Under OAuth settings, enable the 'User Registration' flow.
- Under User authentication, enable 'Implicit authentication'.
The User Registration flow must be enabled so users can register before using implicit authentication.