Hi, Unfortunately, you can't. The OAuth protocol version 2.0 has four flows (called grant types) and only one is currently supported by the CAS server (the authorization code one).
You could do what you proposed, but I don't recommend it at all. The fact that the access token is currently the TGT is an implementation detail and could / will likely be changed in the future versions. Refresh tokens are not implemented as well. As I may have already said, I've started some work on using Spring Security OAuth (based on a previous attempt), but I haven't been able to go farther enough (it"s pretty complicated). If someone has a better alternative or a better knowledge of Spring Security OAuth, we could maybe make it soon. Best regards, Jérôme LELEU Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org 2014-09-05 11:11 GMT+02:00 Ka Lam <kalam.c...@znap.com>: > Hi all > > Reading lots of pages here and still get no idea if I can do Oauth on CAS > without UI? > > I read that the access token is actually the granting ticket, so can i do > this: > 1. Call RESTful API to get TGT ( > https://wiki.jasig.org/display/CASUM/RESTful+API) > 2. Call /oauth2.0/profile to get profile of user > > Any comments are appreciated. > > And where can I find more about OAuth on CAS? like refresh token? > > I am using CAS 3.5.1 > -- > You are currently subscribed to cas-dev@lists.jasig.org as: > lel...@gmail.com > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > -- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
