...

A JWT token can be JWE-encrypted and the encrypted string passed to ServerAccessToken as the access token id parameter.

See JSON Web Tokens JAX-RS JOSE wiki page for more information on how to sign and encrypt JSON Web Tokens.

...

<bean id="oauthProvider" class="oauth2.manager.OAuthManager"/>

<bean id="accessTokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
    <property name="dataProvider" ref="oauthProvider"/>
    <property name="writeCustomErrors" value="true"/>
</bean>

OAuth2 and JOSE

TODO

Design considerations

This section will talk about various design considerations one needs to take into account when deploying OAuth-based solutions.

...

Additionally, the endpoint managing the 3rd party clients will deploy a resource which offers only a restricted URI space. For example, if the application will only allow 3rd party clients to read calendars then this resource will only have a method supporting @GET and "/calendar/{id}".
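The following sketch shows the restricted resource next to the end-user one. It is an added example, not code from CXF or from the original page: the class names, the in-memory store and the end-user PUT/DELETE methods are assumptions, and each resource class is assumed to be registered on its own endpoint address.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;

// Illustration only: all names except "/calendar/{id}" are hypothetical.
public class CalendarEndpoints {

    /** Constructed in-memory store shared by both endpoints. */
    static final Map<Long, String> CALENDARS = new ConcurrentHashMap<>();

    static String load(long id) {
        String calendar = CALENDARS.get(id);
        if (calendar == null) {
            throw new NotFoundException(); // mapped to HTTP 404
        }
        return calendar;
    }

    /** Deployed on the end-user endpoint: the owner can read, update and delete. */
    @Path("/calendar")
    public static class EndUserCalendarResource {
        @GET @Path("{id}") @Produces("text/plain")
        public String read(@PathParam("id") long id) { return load(id); }

        @PUT @Path("{id}") @Consumes("text/plain")
        public void update(@PathParam("id") long id, String body) { CALENDARS.put(id, body); }

        @DELETE @Path("{id}")
        public void delete(@PathParam("id") long id) { CALENDARS.remove(id); }
    }

    /** Deployed on the endpoint protected by the OAuth filter: read only. */
    @Path("/calendar")
    public static class ThirdPartyCalendarResource {
        @GET @Path("{id}") @Produces("text/plain")
        public String read(@PathParam("id") long id) { return load(id); }
        // No @PUT, @POST or @DELETE methods exist here, so the JAX-RS runtime
        // answers those requests with 405 before any application code runs.
    }
}
```

Because the write methods are absent from the third-party class rather than guarded by a permission check, a mistake in scope or permission handling cannot expose them to a client application.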

...

Single Sign On

When dealing with authenticating the end users, having an SSO solution in place is very handy. This is because the end user interacts with both the third-party and its resource server web applications and is also redirected from the client application to the resource server and back again. Additionally, the end user may need to authenticate with the Authorization service if it is not collocated with the application endpoints. OpenID or, say, a WebBrowser SSO profile can help.

...