I want to implement a web embed for the type “Open an assignment” in Constellation. I want to send the link as an email and the receiver to be able to open it without needing any authentication.
When I choose the authentication type as custom bearer O Auth is asking for activity.
I want to know how this can be implemented.
Thanks
You cannot open a Constellation “Open an assignment” web embed without authentication. Constellation DX API endpoints-which power web embeds require OAuth 2.0; anonymous access is not supported. The recommended approach is to keep the embed authenticated and, if you must deliver a “click-through” experience from email, use a short‑lived, one-time token (“magic link”) that results in an authenticated session with least privilege.
This is not supported in Constellation. Your requirement could be a security loop hole because anyone can create/open an assignment. You have to use one of the Authentication mechanism to suppor your requirement.
Worth checking this out for details on the custom bearer approach to authentication: Custom Bearer Grant Type
Key part is ensuring the link you are sending is secure, and the user clicking the link actually has access to that assignment.
Providing global public access by using the activity to just set an operator would not be recommended and as mentioned in other comments can cause security concerns - consider how you will decide if the user is actually allowed to click the link.
as others mentioned, anonymous access is not yet supported in Constellation. You need somehow authenticated users, custom bearer grant type might be the solution, but you need to be extra careful with implementaion.