Typical CXF OAuth2 Implementation Flow


Securing Restful Web Services with OAuth2

1. TYPICAL AUTHORIZATION SCENARIO

1.1. TYPICAL REQUEST
1.1.1. REQUEST URI
http://localhost:8080/oauth2/authorize?response_type=code&client_id=1&scope=read_user_profile&redirect_uri=http://localhost:8080/transport/authorization/code
client_id: the identifier of the client application requesting authorization (here 1).
scope: the permission the client is asking for (here read_user_profile).
response_type: code, i.e. the client is asking for an authorization code rather than for an access token directly.
redirect_uri: the URI the authorization server redirects the user agent back to once the request is approved, with the generated authorization code appended as the code query parameter. The server should only accept a redirect_uri that matches one registered for this client_id; otherwise the code is delivered to whatever host the caller put in the request.

1.1.2. REQUEST HEADER
The request header shall look like:
Http-Method: GET
Headers: {
Accept= [text/html,application],
Authorization= [Basic YmFycnlAc29jaWFsLmNvbToxMjM0],
}

The Authorization header carries HTTP Basic credentials for the resource owner who is being asked to approve the request: the Base64 value above decodes to barry@social.com:1234, an end-user login, not the client id and client secret. The client is identified by the client_id query parameter at this step and authenticates itself later, at the token endpoint. Basic credentials are only Base64-encoded, not encrypted, so outside a localhost demo this request must be sent over HTTPS.

1.2. TYPICAL FLOW

[Figure: Typical Authorization Request Sequence]

2. TYPICAL ACCESS TOKEN GRANT SCENARIO
The following scenario describes how an access token is obtained with the Authorization Code grant described above: the client presents the code it received at its redirect_uri to the token endpoint. Other flows apply depending on the grant_type supplied in the access token request.

2.1. TYPICAL REQUEST

2.1.1. REQUEST URI
http://localhost:9999/oauth2/token

2.1.2. REQUEST HEADER
Address: http://localhost:9999/oauth2/token
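The two requests above carried through end to end, as an added example that is not CXF code and not from the original post: a client builds the authorization request of section 1.1.1, an in-process authorization server authenticates the resource owner from the Basic header, checks client_id and redirect_uri against its registration, redirects back with a short-lived single-use code, and the token endpoint of section 2 redeems that code while the client authenticates with Basic auth. The endpoint URLs, client_id=1, the scope and the barry@social.com:1234 credentials are the post's sample values; the client registration (secret, registered redirect URI, allowed scopes), the user store, the in-memory code and token stores, the 60-second code lifetime and the state parameter are assumptions introduced for the example.

```python
"""Authorization Code grant, client and authorization server simulated
in-process. Added example, not CXF code: registrations, stores, the
code lifetime and the state parameter are assumptions for illustration."""
import base64
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "http://localhost:8080/oauth2/authorize"   # from the post
TOKEN_URL = "http://localhost:9999/oauth2/token"           # from the post

# Constructed registration: client "1" with a secret, one registered
# redirect URI and the scopes it may ask for.
CLIENTS = {"1": {"secret": "client-secret-1",
                 "redirect_uri": "http://localhost:8080/transport/authorization/code",
                 "scopes": {"read_user_profile"}}}
USERS = {"barry@social.com": "1234"}   # resource owners (the post's Basic header)
CODE_TTL = 60                          # seconds; codes are short-lived and single-use
_codes, _tokens = {}, {}               # in-memory stores, constructed for the example


def basic_header(user, password):
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def _basic_creds(header):
    scheme, _, b64 = (header or "").partition(" ")
    if scheme != "Basic":
        return None
    try:
        user, _, pw = base64.b64decode(b64, validate=True).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return None
    return user, pw


def build_authorize_url(client_id, scope, redirect_uri, state):
    """Client side: the GET of section 1.1.1 plus a CSRF-binding state value."""
    return AUTHORIZE_URL + "?" + urlencode({"response_type": "code", "client_id": client_id,
                                            "scope": scope, "redirect_uri": redirect_uri,
                                            "state": state})


def callback_params(url):
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


def authorize(url, authorization_header, now=None):
    """Authorization endpoint: authenticate the resource owner (Basic header),
    validate the client request, and answer with the redirect carrying the code."""
    now = now if now is not None else time.time()
    creds = _basic_creds(authorization_header)
    if not creds or creds[0] not in USERS or not secrets.compare_digest(USERS[creds[0]], creds[1]):
        return {"error": "access_denied"}
    q = callback_params(url)
    client = CLIENTS.get(q.get("client_id"))
    # Exact match against the registered URI: otherwise the code is delivered
    # to whatever host the caller put in redirect_uri.
    if client is None or q.get("redirect_uri") != client["redirect_uri"]:
        return {"error": "invalid_request"}
    if q.get("response_type") != "code":
        return {"error": "unsupported_response_type"}
    scope = set(q.get("scope", "").split())
    if not scope or not scope <= client["scopes"]:
        return {"error": "invalid_scope"}
    code = secrets.token_urlsafe(24)
    _codes[code] = {"client_id": q["client_id"], "redirect_uri": q["redirect_uri"],
                    "scope": " ".join(sorted(scope)), "user": creds[0], "expires": now + CODE_TTL}
    return {"redirect": client["redirect_uri"] + "?" + urlencode({"code": code, "state": q.get("state", "")})}


def token(form, authorization_header, now=None):
    """Token endpoint (section 2): the client authenticates with Basic auth and
    redeems the code exactly once, with the same redirect_uri it used before."""
    now = now if now is not None else time.time()
    creds = _basic_creds(authorization_header)
    client = CLIENTS.get(creds[0]) if creds else None
    if client is None or not secrets.compare_digest(client["secret"], creds[1]):
        return {"error": "invalid_client"}
    if form.get("grant_type") != "authorization_code":
        return {"error": "unsupported_grant_type"}
    entry = _codes.pop(form.get("code"), None)          # pop: one redemption only
    if (entry is None or entry["expires"] < now or entry["client_id"] != creds[0]
            or entry["redirect_uri"] != form.get("redirect_uri")):
        return {"error": "invalid_grant"}
    access_token = secrets.token_urlsafe(32)
    _tokens[access_token] = {"client_id": creds[0], "scope": entry["scope"], "user": entry["user"]}
    return {"access_token": access_token, "token_type": "Bearer", "scope": entry["scope"]}


def run_flow():
    """The whole exchange from the client's point of view; returns the token response."""
    state = secrets.token_urlsafe(8)
    url = build_authorize_url("1", "read_user_profile", CLIENTS["1"]["redirect_uri"], state)
    resp = authorize(url, basic_header("barry@social.com", "1234"))
    cb = callback_params(resp["redirect"])
    if cb.get("state") != state:        # the client rejects a callback it did not start
        raise RuntimeError("state mismatch")
    form = {"grant_type": "authorization_code", "code": cb["code"],
            "redirect_uri": CLIENTS["1"]["redirect_uri"]}
    return token(form, basic_header("1", "client-secret-1"))


if __name__ == "__main__":
    print(run_flow())
```

Note that a failed redemption also burns the code (the pop happens before the checks), so a code that has been replayed or presented with the wrong redirect_uri cannot be retried by the legitimate client either; in a real deployment that event is worth logging as a possible code interception.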
