THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Alternatively create a custom AccessTokenGrantHandler and register it with AccessTokenService. Additionally, consider providing a related AccessTokenGrant implementation for making it easy for the client code to request a new access token with this custom grant.
Redirection Flow Filters
AuthorizationCodeRequestFilter implementations can be registered with AuthorizationCodeService in order to pre-process code requests. For example, JwtRequestCodeFilter can be used to process JWS-signed or JWE-encrypted code requests.
AuthorizationCodeResponseFilter implementations can be registered with AuthorizationCodeService in order to post-process code responses.
AccessTokenResponse Filters
AccessTokenResponseFilter implementations can be registered with AccessTokenService in order to post-process access token responses. For example, OIDC id_token can be added to a response with a filter. Filters can also calculate an access token response signature, etc.
PreAuthorized access tokens
...
Additionally the endpoint managing the 3rd party clients will deploy a resource which will offer a resticted URI space support. For example, if the application will only allow 3rd party clients to read calendars then this resource will only have a method supporting @GET and "/calendar/{id}".
OAuth2 and JOSE
Single Sign On
When dealing with authenticating the end users, having an SSO solution in place is very handy. This is because the end user interacts with both the third-party and its resource server web applications and is also redirected from the client application to the resource server and back again. Additionally, the end user may need to authenticate with Authorization service if it is not collocated with the application endpoints. OpenID or say a WebBrowser SSO profile can help.
...