Hi all,
I am trying to design a set of server APIs to follow the oauth implicit
flow. My main referring document is this one
http://cxf.apache.org/docs/jax-rs-oauth2.html. I am using the sample
project at
https://github.com/Talend/tesb-rt-se/tree/master/examples/cxf/jaxrs-oauth2as
the starting point.
It seems to me it would be a simple task to modify the sample app to use
the implicit flow instead of the authorization grant flow.
I updated the socialApp.xml to use the implicitGrantService
<bean id="oauthAuthorizeService"
      class="org.apache.cxf.rs.security.oauth2.services.ImplicitGrantService">
    <property name="dataProvider" ref="oauthProvider"/>
</bean>
and then the restaurantReserve.xml to use the corresponding endpoint for
the new flow:
<bean id="oauthClient" class="oauth2.thirdparty.OAuthClientManager">
    <!-- changed to use authorize-implicit -->
    <property name="authorizationURI" value="http://localhost:${http.port}/services/social/authorize-implicit"/>
    <property name="accessTokenService" ref="atServiceClient"/>
</bean>
After those changes, I expected some errors, most likely on the client side
in the restaurantReserveService class. As I can see, it expects the
authorization code to exchange for an access token.
However, the error I got is unsupported_response_type.
Sample response:
Headers: {Location=[http://localhost:8080/services/reservations/reserve/complete#state=1&error=unsupported_response_type]}
I debugged the code and found out that the response_type=code, whereas the
supported type is token.
I then changed back to authorizationGrant, only to find that the
response_type is still code but the supported type matches.
I understand the error -- "code" might mean the authorization code, which
is the 1st step in the authorization flow.
But I have no idea how the response_type is set and by whom.
Any help will be appreciated. It would be ideal if there were a working
example for such a flow.
Many thanks,
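A small model of the mismatch described in this message, added here as an illustration and not code from CXF or the sample project: the client builds the authorization request and chooses the response_type (code for the authorization-code grant, token for the implicit grant), and an endpoint that supports only one response_type answers a mismatch with an error redirect, placed in the fragment for the implicit grant as in the Location header above. The client id, redirect URI and endpoint URLs are constructed placeholders based on the URLs in the post.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed placeholders standing in for the sample app's client settings;
# they are not values taken from the CXF sample project.
CLIENT_ID = "restaurant-client"
REDIRECT_URI = "http://localhost:8080/services/reservations/reserve/complete"
AUTHZ_CODE_ENDPOINT = "http://localhost:8080/services/social/authorize"
IMPLICIT_ENDPOINT = "http://localhost:8080/services/social/authorize-implicit"


def build_authorization_uri(endpoint, response_type, state, scope=None):
    """Client side: the URI the client redirects the browser to.
    response_type selects the flow: 'code' for the authorization-code grant,
    'token' for the implicit grant. A client still sending 'code' to the
    implicit endpoint produces exactly the mismatch seen in the post."""
    params = {"client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
              "response_type": response_type, "state": state}
    if scope:
        params["scope"] = scope
    return endpoint + "?" + urlencode(params)


def authorize(request_uri, supported_response_type):
    """Server side: an authorization endpoint supporting one response_type.
    On a mismatch it returns the RFC 6749 error redirect; the implicit grant
    carries its parameters in the URI fragment, the code grant in the query."""
    query = {k: v[0] for k, v in parse_qs(urlsplit(request_uri).query).items()}
    redirect, state = query["redirect_uri"], query.get("state", "")
    if query.get("response_type") != supported_response_type:
        error = urlencode({"state": state, "error": "unsupported_response_type"})
        separator = "#" if supported_response_type == "token" else "?"
        if separator == "?" and "?" in redirect:
            separator = "&"  # redirect URI already carries a query string
        return {"accepted": False, "location": redirect + separator + error}
    # Accepted: a real service would now authenticate the user and ask for consent.
    return {"accepted": True, "response_type": supported_response_type}


def parse_error_redirect(location):
    """Read the error parameters back out of a Location header, whichever
    part of the URI (fragment or query) the server put them in."""
    parts = urlsplit(location)
    return {k: v[0] for k, v in parse_qs(parts.fragment or parts.query).items()}
```

Running the authorization-code request against the implicit endpoint reproduces the fragment-style error redirect from the post, while sending response_type=token to the same endpoint is accepted.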