HttpContext.Current.User not set automatically in INavigable when using OAuth authentication

Question

I'm not sure if I'm just doing something wrong, but the context user is not set in INavigable if you are using OAuth authentication (e.g. from a remote service). Cookie-based authentication seems to work fine from within the browser. Below is the work-around I came up with from just fumbling around in the underlying references, but I'm wondering if there's a better way to do it, or if it's a bug or something? 
 
 Thanks!

Ben Tiedt · Accepted Answer

Thank you. I see the issue now. 
 OAuth requests are not allowed for regular page requests. INavigable supports regular page requests only (so OAuth credentials are ignored). For page requests, AccessingUser is already populated at this point. 
 To enable OAuth authentication, you'll want to implement an API extension via the IRestEndpoints plugin type ( plugin type: https://community.telligent.com/community/11/w/api-documentation/65621/irestendpoints-v2-plugin-type , training article: https://community.telligent.com/community/11/w/developer-training/65113/exposing-data-to-external-sources ). Specifically, you'll want to register a REST endpoint using an override on the controller that takes a Action<IRestRequest,HttpResponse> handler--this will allow you to write raw data on the response instead of using the regular REST JSON/XML serializer. 
 API extensions will honor OAuth authentication headers.

Ben Tiedt · Answer

You should use Apis.Get<IUsers>().AccessingUser ( https://community.telligent.com/community/11/w/api-documentation/64105/users-in-process-api-service ) to detect the user who accessing the community in this context.