Versions Compared

Old Version 12

changes.mady.by.user Don Bakke

Saved on

compared with

New Version 13

changes.mady.by.user Don Bakke

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The purpose of this list is to allow requests between trusted servers to be processed automatically. A common example of this is with OAuth. OAuth works when the server you are trying to access makes a request of a requests an access token from a 3rd party (e.g., Facebook, Google, Microsoft, etc.) for an access token. This access token grants the requesting server access to various resources on the 3rd party platform (also known as the aka identity provider) platform. This The negotiation between the requesting server and the identity provider is handled behind the scenes through trusted URLs. Since an identity provider cannot be expected to know how to authenticate itself to any each and every requesting server, it is expected that the requesting server provides provide at least one URL that can be reached without any authentication.

Another use for a non-authenticated URL is for ping tests. Granted, any URL could be used for ping testing, but these will only return a generic 401 (Unauthorized) response. If you want to return a specific response, then create an API for it and add it to the list of non-authenticated URLs.