Hi, I am still pretty new at this, so I might not have understood this correctly. I am trying to protect my API via OAuth. I basically need 2 types of flow. One is client credentials, where a client can dynamically register and then access their resources. For this, I have followed the documentation and have successfully implemented the same. I am using a bearer token for this.

Next I would need a JWT which my clients would generate and then use. I have created an SDK which is used by my clients to create JWTs. Based on the information within the JWT, the bearer of this token can get access to the client's resource. So, I need to support 2 types of tokens: Bearer and JWT tokens.

I did a little bit of searching but was left confused. I tried using the org.apache.cxf.rs.security.jose.jaxrs.JwtAuthenticationFilter (registered it as a filter in the service I want to protect), which checks for the validity of the JWT token, but it would block requests made with the bearer token. I am not sure how to proceed from here. Should I create a custom token validator for my OAuth filter?

Thanks
Rajan

--
View this message in context: http://cxf.547215.n5.nabble.com/Support-both-Bearer-and-JWT-tokens-tp5766050.html
Sent from the cxf-user mailing list archive at Nabble.com.
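Both token kinds in the question arrive in the same Authorization header, so a service that accepts both has to decide which validator a request goes to before validating anything. The sketch below is an added example, not part of the original post and not CXF code: `TokenRouter`, `Kind` and the `JWT` scheme name are assumptions, and it uses only the Java standard library. It routes on token shape only; the chosen validator must still verify the JWT signature or look up the opaque token.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

/** Hypothetical helper: picks a validator for an Authorization header value. */
public class TokenRouter {
    public enum Kind { JWT, OPAQUE_BEARER, REJECT }

    public static Kind classify(String authorizationHeader) {
        if (authorizationHeader == null) return Kind.REJECT;
        String[] parts = authorizationHeader.trim().split("\\s+", 2);
        if (parts.length != 2 || parts[1].isEmpty()) return Kind.REJECT;
        boolean jws = looksLikeSignedCompactJws(parts[1]);
        // Assumption: SDK clients may send a dedicated "JWT" scheme.
        if (parts[0].equalsIgnoreCase("JWT")) return jws ? Kind.JWT : Kind.REJECT;
        if (parts[0].equalsIgnoreCase("Bearer")) return jws ? Kind.JWT : Kind.OPAQUE_BEARER;
        return Kind.REJECT; // unknown scheme: fail closed
    }

    /** Shape check only: header.payload.signature, header is JSON with "alg". */
    static boolean looksLikeSignedCompactJws(String token) {
        String[] seg = token.split("\\.", -1);
        // An empty signature segment (unsecured JWT) is never routed as a JWT.
        if (seg.length != 3 || seg[0].isEmpty() || seg[1].isEmpty() || seg[2].isEmpty()) {
            return false;
        }
        try {
            String header = new String(
                Base64.getUrlDecoder().decode(seg[0]), StandardCharsets.UTF_8);
            return header.startsWith("{") && header.contains("\"alg\"");
        } catch (IllegalArgumentException e) {
            return false; // first segment is not base64url, so treat as opaque
        }
    }

    public static void main(String[] args) {
        // Constructed sample values; the signature bytes are not a real signature.
        String hdr = Base64.getUrlEncoder().withoutPadding()
            .encodeToString("{\"alg\":\"RS256\"}".getBytes(StandardCharsets.UTF_8));
        System.out.println(classify("Bearer " + hdr + ".e30.c2ln"));   // JWT
        System.out.println(classify("Bearer 2YotnFZFEjr1zCsicMWpAA")); // OPAQUE_BEARER
        System.out.println(classify("Bearer " + hdr + ".e30."));       // OPAQUE_BEARER
        System.out.println(classify("JWT not-a-jwt"));                 // REJECT
        System.out.println(classify("Basic dXNlcjpwdw=="));            // REJECT
    }
}
```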
