This forum is now a read-only archive. All commenting, posting, registration services have been turned off. Those needing community support and/or wanting to ask questions should refer to the Tag/Forum map, and to http://spring.io/questions for a curated list of stackoverflow tags that Pivotal engineers, and the community, monitor.
Spring Social has always depended on the official Spring Security OAuth project, it's never implemented its own OAuth library of any sort.
One thing Spring Social does support is the ability to use the Scribe OAuth 1.0 client library as an alternative, which could be preferred in a constrained resource environment such as Android phone due to its small footprint. Scribe is only ever enabled if it is present in your classpath and Spring Security OAuth is not.
Ryan, one thing you might want to consider in future versions of Spring Security OAuth is factoring out the server (provider) piece out from the client/consumer piece, so when the a OAuth client is needed in a mobile environment such as Android, the server piece wouldn't also be present.
I am new to OAuth and Spring Social ; just wanted to understand how much of the authentication is taken care by Spring Social and how much the client (which uses SS) should do. In basic terms, is it possible to pass the username, password and list of permissions to Spring Social and have it return the accessToken (in case of FB) or should the client have the fb:login window which takes care of authenticating and redirecting to a specified URL with the accessToken which can then be passed to Spring for invoking the APIs. Please clarify.