Announcement Announcement Module
No announcement yet.
JSONP with token endpoint Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • JSONP with token endpoint

    I am building a javascript sandbox for a rest api that uses spring-security-oauth for authorization. I'd like to be able to make a request to the authorization server token endpoint and get back a token. There are cross-domain issues with just directly posting, so I am wondering if it is possible to modify the token endpoint to return the token in jsonp format. It doesn't appear to be currently supported. Could I just extend TokenEndpoint?

  • #2
    You could, but that's probably not the best way because the TokenEndpoint deals with objects (OAuth2AccessToken and @ResponseBody) not JSON. The JSON is generated by an HttpMessageConverter (a MappingJackson*HttpMessageConverter) which is where you should be adding custom behaviour. They can be registered in <mvc:annotation-driven/> if you are using XML, and in the corresponding callback in @EnableWebMvc if not.

    If your client is JavaScript you are supposed to use implicit grant though, and get the token from the redirect that comes from the AuthorizationEndpoint. Is that not working for you?


    • #3
      Thanks Dave, that is very helpful. The reason I am not using the implicit grant is that token requests for the api use a jwt bearer token flow, and I am building a sandbox that allows developers to create a jwt assertion, request an oauth token with the assertion, and then make test requests to the api, all in javascript. The goal is to replicate the same auth flow that will be required for their client implementations.


      • #4
        Another option might be to add a HandlerMethodReturnValueHandler. That's probably the cleanest way to render your response, given that it's just a decoration of an existing one.