Announcement Announcement Module
No announcement yet.
OAuth 2.0 for Server to Server communication Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • OAuth 2.0 for Server to Server communication

    Can OAuth 2.0 / Spring OAuth be used for server to server communication? In the SOA world, there are a number of services that need to interact with each other and not necessarily involve interaction with any user agent or browser. For such use cases, can OAuth 2.0 be used in any form to secure the interactions between the services?

    If OAuth 2.0 isn't recommended, are there any standards out there for such a use case? And if yes, does Spring security support any such standard?


  • #2
    OAuth2 has client credentials grant. It might not be a reason to use OAuth2 on its own (e.g. you might be fine with a less centralized system with shared secrets), but it is there if you need it and are using OAuth2 anyway. I'm finishing a blog on why and when to use OAuth2, so I'll announce it here when it gets published (and also come along to SpringOne 2012 if you want to see the live version).


    • #3
      Thanks, I will look out for your post.