
  • OAuth2 and offline web based clients

    Hi,

    I've got some lack of clarity with the OAuth2 mechanism.

    I've got some third-party HTML5 clients which interact with my server using REST.
    Part of my API is open, part is restricted to registered clients and part is restricted to end users who use registered clients.

    The clients themselves are browser based, and the whole client app runs in the browser, interacting with my server using REST. Except for downloading the client app pages at the first request, the clients don't interact with their servers.

    How can I "attack" the two authentications needed? Shall I use two different tokens?
    Is it possible, using Spring Security OAuth, to manage the URLs being intercepted dynamically?
    Is there any example except for the sparklr2/tonr2?

    Thanks.

  • #2
    Originally posted by netanel
    How can I "attack" the two authentications needed? Shall I use two different tokens?
    If I understand the requirement, one token is a client_credentials grant (albeit from an untrusted client, which is unusual, but you can be careful with the access control probably), and the other is probably implicit grant (if I understood what you need).

    Is it possible, using Spring Security OAuth, to manage the URLs being intercepted dynamically?
    I assume you mean on the server side? If so then that is what Spring Security is designed for, and you should find plenty of features to help. I'm not sure what the requirement is though, so beyond that I'm not sure what else to say.

    Is there any example except for the sparklr2/tonr2?
    The Cloud Foundry UAA is a good example of an auth server (used heavily in production for quite some time now and open source): https://github.com/cloudfoundry/uaa. There are sample apps there as well.

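The two-token split suggested in the reply above, as an added sketch that is not part of the original thread and is not Spring Security OAuth configuration: a resource server treats a client_credentials token as identifying only the app and requires a user-bound (implicit grant) token on end-user endpoints. The route table, scope names, token fields and sample tokens are assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

@dataclass(frozen=True)
class Token:
    client_id: str
    grant_type: str              # "client_credentials" or "implicit"
    scopes: FrozenSet[str]
    user: Optional[str] = None   # set only when an end user approved the grant

# Hypothetical route table: (path prefix, tier, required scope).
ROUTES = [
    ("/api/public/", "open", None),
    ("/api/catalog/", "client", "catalog.read"),
    ("/api/me/", "user", "profile.read"),
]

def authorize(path, token, routes=ROUTES):
    """Return (allowed, reason) for one request; unknown paths are denied."""
    rule = next((r for r in routes if path.startswith(r[0])), None)
    if rule is None:
        return False, "no rule for path"
    _, tier, scope = rule
    if tier == "open":
        return True, "open endpoint"
    if token is None:
        return False, "token required"
    # A browser app cannot keep a client secret, so a client_credentials token
    # proves only which app is calling and must never stand in for a user.
    if token.grant_type == "client_credentials" and token.user is not None:
        return False, "malformed token"
    if tier == "user" and token.user is None:
        return False, "user token required"
    if scope not in token.scopes:
        return False, "missing scope"
    return True, "ok"

# Constructed sample tokens for the same browser client.
BOTH = frozenset({"catalog.read", "profile.read"})
CLIENT_TOKEN = Token("html5-app", "client_credentials", BOTH)
USER_TOKEN = Token("html5-app", "implicit", BOTH, user="alice")

if __name__ == "__main__":
    for path in ("/api/public/info", "/api/catalog/items", "/api/me/orders", "/admin"):
        for name, tok in (("none", None), ("client", CLIENT_TOKEN), ("user", USER_TOKEN)):
            print(path, name, authorize(path, tok))
```

The client-only token is refused on `/api/me/` even though it carries the `profile.read` scope, because the check on the bound user runs before the scope check.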