Hi
On 17/07/14 11:47, Richard Snowden wrote:
Do we have support for OAuth 2.0 in CXF for the server side? I mean for a
custom Authorization Server?
Yes, see http://cxf.apache.org/docs/jax-rs-oauth2.html.
The idea is that a developer focuses only on persisting the token and
grant details. Check "CXF OAUth2" in Google, you will get a link to the
demo shipped with Talend distro. We have plans to ship few more demos
directly in CXF in time.
For a more framework neutral approach I recommend trying Apache Oltu.
It's nice to use Google or Facebook for some examples, but in real world
scenarios I assume we mostly need to authenticate/authorize via custom
Identity Management Systems.
The "authentication" is a rather ambiguous term when we talk about
OAuth2. A user authorizing the 3rd party client application needs to
authenticate (against Authorization Service(AS)). We can use a 3rd party
IDP to manage SSO for user to log in with the same credentials into AS
as well into the actual resource application. And we can also use
Google/etc account ids to sign in, thus effectively depending on
Google/etc (the work for supporting it in CXF will start shortly), but
in itself it is orthogonal to the work of AS.
Thanks, Sergey
