THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
JWT Token can be JWE-encrypted and the encrypted string passed to ServerAccessToken as access token id parameter.
See JAX-RS JOSEJose wiki page for more information on how to sign and encrypt JSON Web Tokens.
...
Code Block | ||||
---|---|---|---|---|
| ||||
<bean id="oauthProvider" class="oauth2.manager.OAuthManager"/> <bean id="accessTokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService"> <property name="dataProvider" ref="oauthProvider"/> <property name="writeCustomErrors" value="true"/> </bean> |
OAuth2 and JOSE
See JAX-RS Jose wiki page for the information about JOSE and how it is supported in CXF,
//TODO: describe how Jose is used in CXF OAuth2
Design considerations
This section will talk about various design considerations one need to take into account when deploying OAuth-based solutions.
...