
  • How define what are the protected resources ?

    How can I define on the provider side the resources that need to be accessed by passing an access token?
    The tonr and sparklr examples do not need to pass a token to access the photos; they only require login in sparklr (the provider).
    For example, in Facebook, to get my friends we have to pass a token in the URL:
    https://graph.facebook.com/me/friend...token=MY_TOKEN

    If I access https://graph.facebook.com/me/friends I get "An active access token must be used to query information about the current user." in a JSON response.
    How can I provide this behavior with Spring?

  • #2
    for example

    In the sparklr app we can access a photo at http://localhost:8080/sparklr/rest/jpg/photo/1
    without passing a token.
    So why use OAuth 2 here, if we can get any photo, and any app can get it too?
    I think the correct way would be to require a token:
    http://localhost:8080/sparklr/rest/j...ss_token=XXXXX
    So, how can I configure a resource to do this?


    • #3
      The token in the request parameter would work, but the reason you can access it without a request parameter is because you're passing it into the Authorization header.

      See http://tools.ietf.org/html/draft-iet...2-18#section-7


      • #4
        So how does the Spring client access a resource?
        Where does it pass the access_token, in the URL?
        I'm trying to get the original request that Spring builds when we execute, for example:

        restTemplate.getForObject(URI.create(fullResourceURL), byte[].class)

        thanks!


        • #5
          Ok

          OK, as stoicflame said, the token is passed in a header.
          For example....

          req.getHeaders().add("Authorization", String.format("OAuth2 %s",accessToken.getValue()));

          thanks! my doubt is solved.

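As an added example (not code from this thread or from Spring Security OAuth): a resource endpoint that refuses requests without a valid access token, taking the token from the Authorization header or from the access_token query parameter as discussed above. It uses only the JDK's built-in HTTP server; the class name, port, path and sample token are assumptions, and the token is assumed to be URL-safe so the query value is not decoded.

```java
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpServer;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.util.Set;

public class ProtectedResourceDemo {
    // Constructed sample token; a real provider checks its token store instead.
    static final Set<String> VALID_TOKENS = Set.of("sample-token-123");
    // Token from the Authorization header, else from ?access_token=, else null.
    static String extractToken(String authHeader, String rawQuery) {
        if (authHeader != null) {
            String[] parts = authHeader.trim().split("\\s+", 2);
            // "OAuth2" is the scheme shown in this thread; "Bearer" is RFC 6750's.
            boolean known = parts.length == 2 && (parts[0].equalsIgnoreCase("Bearer")
                    || parts[0].equalsIgnoreCase("OAuth2"));
            return known ? parts[1] : null; // unknown scheme: no fallback to the URL
        }
        if (rawQuery != null) {
            for (String pair : rawQuery.split("&")) {
                if (pair.startsWith("access_token=")) {
                    return pair.substring("access_token=".length());
                }
            }
        }
        return null;
    }

    // Serves the resource only when a known token accompanies the request.
    static void handle(HttpExchange ex) throws IOException {
        String token = extractToken(ex.getRequestHeaders().getFirst("Authorization"),
                ex.getRequestURI().getRawQuery());
        boolean ok = token != null && VALID_TOKENS.contains(token);
        String text = ok ? "photo bytes would go here" : "{\"error\":\"access token required\"}";
        byte[] body = text.getBytes(StandardCharsets.UTF_8);
        if (!ok) {
            ex.getResponseHeaders().add("WWW-Authenticate", "Bearer");
        }
        ex.sendResponseHeaders(ok ? 200 : 401, body.length);
        ex.getResponseBody().write(body);
        ex.close();
    }

    public static void main(String[] args) throws IOException {
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 8081), 0);
        server.createContext("/photo/1", ProtectedResourceDemo::handle);
        server.start();
    }
}
```

Clients should prefer the header form: a token placed in the URL is recorded in server access logs and browser history.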