
  • Userless access

    Looking for some guidance. I am building a REST API where some of our endpoints don't pertain to specific user information. An auth token is not required for these endpoints, but I would still like a consumer key's Client ID to be passed to the endpoint. Is there a grant type in OAuth that I should be using? Or is this something to be done outside of OAuth, manually in the controller?

  • #2
    OAuth2 has a client_credentials grant type, but if you don't mind sending the client id with every request I would suggest that HTTP Basic is more straightforward. The advantage of using OAuth2 would be the token management (expiry, revocation), but if you don't need that, there's not much point.



    • #3
      I'd like to try client_credentials but don't know how to specify one. In my applicationContext-security.xml the only supported grant types are: "Grant types that are authorized for the client to use (comma-separated). Currently defined grant types include "authorization_code", "password", "assertion", and "refresh_token". Default value is "authorization_code,refresh_token"."

      I am using spring-oauth-version: 1.0.0.M3



      • #4
        M5 was released quite a while ago, and there have been many changes (also to the spec, so the names are different). I would upgrade. Note that the OAuth2 support is in a separate jar file since M4.

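The two options from reply #2, sketched server-side as an added example (not part of the thread and not Spring Security OAuth code): HTTP Basic carrying the client id on every request, and the client_credentials grant from RFC 6749 section 4.4 with token expiry and revocation. The client registry, secret and function names are constructed for illustration.

```python
import base64, binascii, hmac, secrets

# Constructed registry: client_id -> client_secret (hypothetical values).
CLIENTS = {"reporting-app": "s3cr3t-constructed"}
TOKENS = {}  # access_token -> (client_id, expires_at)

def basic_client(authorization, clients=CLIENTS):
    """Option 1: return the client_id from an HTTP Basic header, or None."""
    scheme, _, blob = (authorization or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    client_id, sep, secret = decoded.partition(":")
    expected = clients.get(client_id)
    if not sep or expected is None:
        return None
    # Constant-time comparison avoids leaking the secret through timing.
    ok = hmac.compare_digest(secret.encode(), expected.encode())
    return client_id if ok else None

def issue_token(authorization, form, now, ttl=3600):
    """Option 2: token endpoint for grant_type=client_credentials."""
    if form.get("grant_type") != "client_credentials":
        return 400, {"error": "unsupported_grant_type"}
    client_id = basic_client(authorization)
    if client_id is None:
        return 401, {"error": "invalid_client"}
    token = secrets.token_urlsafe(32)
    TOKENS[token] = (client_id, now + ttl)
    return 200, {"access_token": token, "token_type": "bearer", "expires_in": ttl}

def bearer_client(authorization, now):
    """Resource endpoint: map a bearer token to its client, honouring expiry."""
    scheme, _, token = (authorization or "").partition(" ")
    entry = TOKENS.get(token.strip()) if scheme.lower() == "bearer" else None
    if entry is None or now >= entry[1]:
        return None
    return entry[0]

def revoke(token):
    """Revocation is deleting the server-side record; Basic has no equivalent."""
    TOKENS.pop(token, None)
```

With Basic, the long-lived client secret travels on every request; with client_credentials it is sent only to the token endpoint and the resource endpoints see a short-lived token.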
