0

I'm having trouble understanding why only 2-legged authentication is allowed on certain OSS requests (for example GET bucket details, GET all buckets, POST a bucket). Why creating buckets or viewing buckets contents are considered to be application related (and hence just with 2-legged token accessible), but uploading a file to a bucket is user related and can be accessible also with a 3-legged token? From what I can see here the buckets (OSS) are on the last level, but still, the files are stored there, so in my opinion they are also user related. Can you give me an example of developer's resources (2-legged) vs user's resources (3-legged)?

Thanks,

Paul

Later edit: From what I've read here when the authentication context is app only, one should be able to authenticate also with 3-legged token.

app only: The endpoint accepts either a two-legged or three-legged token, but it will only act on behalf of the app itself, ignoring any permissions associated with the end user.

PaulMS
  • 21
  • 5

1 Answers1

0

You can gain access to a bucket with a 3-legged token, but it's a more involved process. There's a guide on the developer portal on uploading: https://developer.autodesk.com/en/docs/data/v2/tutorials/upload-file/

The "storage location" you can access with a 3-legged token is essentially a bucket internally. The only difference is that a bucket generated by the app developer (2-legged) cannot be shared with a user with a 3-legged token. There is some internal capability where bucket access can be granted or revoked but it's not for public consumption yet.

Shiya Luo
  • 208
  • 1
  • 6
  • Hi Shiya, I looked at the tutorial, you have access with a 3-legged token just to the upper levels (hubs, projects, folders, items). When it comes to OSS you just have 2-legged: - step 4 in the tutorial: upload a file - not in the tutorial: download a file (/buckets/:bucketKey/objects/:objectName) – PaulMS Apr 10 '17 at 07:45