Anonymous/API Keys + OIDC
This is just a curiosity/architecture question, not running into a bug or anything!
My setup: BA as IDP/OIDC OP, downstream apps as OIDC RPs.
My use case: API protected by authentication against BA OIDC OP (all requests throw an error unless a valid bearer/access token is present from an authenticated user). Web app currently locked down to authenticated users, but want to open up some routes so users can fetch data only from the web app (i.e. not from cURL, Postman, Insomnia).
My question: Does the Anonymous plugin make sense when using OIDC auth flows? Or does it make more sense to use e.g. the API keys plugin? Or something else for the use case above?