Re: Using OAuth 1.0a with JAX-RS CXF

Thu, 01 Jun 2017 09:13:25 -0700 

Can you remind me please what is OAuth1.0a leg about anyway ?
As far as I recall only a 3-leg flow was completely specified.
Perhaps you do not even need any specific utility code for the 1.a 1 leg flow 

Sergey
On 01/06/17 16:55, Sergey Beryozkin wrote:

Hi


It has been many years since some contributions were made to CXF OAuth 
1.0a code and I was actually hoping to remove it from the CXF master but 
we agreed to keep for now. As far as CXF is concerned all the 
'investment' goes into the its OAuth2 and OIDC and JOSE code.


I've updated

https://cwiki.apache.org/confluence/display/CXF20DOC/JAX-RS+OAuth

see


https://cwiki.apache.org/confluence/display/CXF20DOC/JAX-RS+OAuth#JAX-RSOAuth-Client-sidesupport 




My understanding your task is really to write a client code which will 
be able to talk to a 3rd party server which is protected by OAuth1.0 
filter.



As far as the client side support for OAuth1.0a is concerned, CXF only 
offers OAuthClientUtils which can help to correctly format Authorization 
headers or get some tokens, etc


Cheers, Sergey
On 01/06/17 14:35, nicolasduminil wrote:

Hello,


My company is looking to implement an electronic signing solution 
based on
an external service provider. This service provider provides a set of 
REST
services which require OAuth 1.0a authentication/authorization. They 
don't

support 3-leg flow at all, they don't recommend to use 2-leg, but only
1-leg.

Looking at the CXF documentation, I found these two pages:
http://cxf.apache.org/docs/cxf-oauth-10.html,

http://cxf.apache.org/docs/jax-rs-oauth.html, but it is still 
difficult to
get an idea of what CXF proposes as far as OAuth 1.0a is concerned, 
and more

specifically 1-leg flow.

Additionally, the links on these pages are broken such that it is not

possible to download neither CXF OAuth 1.0 Extension, as proposed, 
nore the

samples OAuth Demo Server and OAuth Demo Client.


Last but not least, our REST clients supposed to use OAuth 1.0a will 
run as

Java EE components deployed on WebSphere 9.0.0.3 which comes with Apache
3.0.3. We don't have the option to use another release of Apache CXF than
the one comming with WebSphere. And customizing Apache CXF 3.0.3 in

WebSphere is probably difficult or not possible given that it comes 
bundled

in a quite rigid way.


So my questions are: what options would we have here ? Is it possible 
to use
Apache CXF for these purposes and, if yes, how ? Where can I find 
examples
of JAX-RS clients ? And how to download and install the required 
extensions

in the already bundles CXF on WebSphere ?

Many thanks in advance, for your help.

Kind regards,
Nicolas




--

View this message in context: 
http://cxf.547215.n5.nabble.com/Using-OAuth-1-0a-with-JAX-RS-CXF-tp5780889.html 


Sent from the cxf-user mailing list archive at Nabble.com.







--
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/






















					Reply via email to