THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
JWT Token can be JWE-encrypted and the encrypted string passed to ServerAccessToken as access token id parameter.
See JAX-RS JOSEJose wiki page for more information on how to sign and encrypt JSON Web Tokens.
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
<bean id="oauthProvider" class="oauth2.manager.OAuthManager"/>
<bean id="accessTokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
<property name="dataProvider" ref="oauthProvider"/>
<property name="writeCustomErrors" value="true"/>
</bean>
|
OAuth2 and JOSE
See JAX-RS Jose wiki page for the information about JOSE and how it is supported in CXF,
//TODO: describe how Jose is used in CXF OAuth2
Design considerations
This section will talk about various design considerations one need to take into account when deploying OAuth-based solutions.
...