
  • Whether to support the user agent

    Here are a few questions about spring-oauth2:
    1. Does it support the user agent, such as JavaScript?
    2. Can you use it to implement your own user authentication?
    3. Can you use it to implement your own client authentication?
    4. Can you customize the returned format (the default is JSON)?
    Thank you for your reply!

  • #2
    1. Spring Security OAuth is a Java framework. We don't provide a JavaScript library, but if you have one that works with an existing OAuth provider, then I imagine it will work with a provider implemented using Spring Security. Please provide details of what you are using if it doesn't work.

    2. User authentication is the job of Spring Security (core features). OAuth is not really an authentication protocol, but it acts as a facade for the core features, in the sense that a user that is not authenticated cannot obtain an access token. For instance, the "password" grant type could be used if you just need to authenticate against a UserDetailsService.

    3. Not sure I understand this one. Can you explain what you need to do?

    4. I believe the OAuth2 specification requires JSON. I don't know if it allows for alternate formats, but if it does please post a link. It probably wouldn't be terribly hard to support, but there doesn't seem much point if the spec only allows for JSON.


    • #3
      Thank you for your reply!
      Maybe my question was expressed inaccurately. My requirements are:
      1. The OAuth2 client must be implemented in JavaScript throughout the process,
      so there are cross-domain issues. This can be handled with jQuery's getJSON,
      but getJSON requires the response to be in callback(data) format,
      so the returned data format must be modified.

      2. User authentication must be implemented my own way.
      I want to know whether it can be extended,
      and how I could do that.

      3. Client-side authentication must be implemented my own way.
      I want to know whether it can be extended,
      and how I could do that.


      • #4
        1. You can always add a servlet filter to enhance the output with the callback. I would prefer that approach since it is really cross cutting and not really to do with the basic features of the framework. We could even add such a feature to the framework, but I don't think it will be easy to justify if we don't have a spec or an existing use case from a big provider on the internet. Is anyone already providing this feature in an OAuth2 provider? How does the client negotiate the callback wrapping with the server?

        2. Don't get it yet. The normal practice (as per the samples in the project) is to use standard Spring Security features on the authorization server to provide authentication.

        3. Ditto. Don't get it. By "client" do you mean the OAuth2 sense of "client" (i.e. the browser in your case I guess)? What are "your ways"?
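
The servlet-filter approach from reply #4, sketched as an added example; it is not code from this thread or from Spring Security OAuth. The class name, the `callback` parameter name (jQuery's default for JSONP) and the Servlet 3.1+ `javax.servlet` API are assumptions. Because the callback name is echoed into a script response, the filter accepts only a plain identifier.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.util.regex.Pattern;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical filter: buffers the JSON body and re-emits it as callback(json);
public class JsonpCallbackFilter implements Filter {
    // Plain identifiers only, so the parameter cannot inject script into the response.
    private static final Pattern SAFE = Pattern.compile("^[A-Za-z_$][A-Za-z0-9_$]{0,63}$");

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        String cb = req.getParameter("callback");            // assumed parameter name
        if (cb == null) { chain.doFilter(req, res); return; } // no callback: plain JSON
        HttpServletResponse http = (HttpServletResponse) res;
        if (!SAFE.matcher(cb).matches()) {
            http.sendError(HttpServletResponse.SC_BAD_REQUEST, "invalid callback");
            return;
        }
        final ByteArrayOutputStream buf = new ByteArrayOutputStream();
        final PrintWriter pw = new PrintWriter(new OutputStreamWriter(buf, StandardCharsets.UTF_8));
        HttpServletResponseWrapper wrapper = new HttpServletResponseWrapper(http) {
            @Override public PrintWriter getWriter() { return pw; }
            @Override public void setContentLength(int len) {}       // length changes after wrapping
            @Override public void setContentLengthLong(long len) {}
            @Override public ServletOutputStream getOutputStream() {
                return new ServletOutputStream() {
                    @Override public void write(int b) { buf.write(b); }
                    @Override public boolean isReady() { return true; }
                    @Override public void setWriteListener(WriteListener l) {}
                };
            }
        };
        chain.doFilter(req, wrapper);   // downstream writes its JSON into buf
        pw.flush();
        byte[] out = (cb + "(" + buf.toString("UTF-8") + ");").getBytes(StandardCharsets.UTF_8);
        http.setContentType("application/javascript;charset=UTF-8");
        http.setHeader("X-Content-Type-Options", "nosniff");
        http.setContentLength(out.length);
        http.getOutputStream().write(out);
    }
}
```

A JSONP response can be read by any page that loads the URL in a script tag, so the filter mapping determines which responses become cross-origin readable.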