JavaRockr
Reputation: 65
Oauth2 Request Token using Spring Security
I am very new to spring-security oauth and hence the question.
If I use the default oauth implementation with spring security I use the following :
http://localhost:8080/test-api/oauth/token?grant_type=implicit&client_id=test-app&client_secret=mysec1&username=user&password=password
I i understand correctly ,in this case all username ,passwords,credentials will be visible in the URL.Is it not be a security risk.Is it not better if all these are passed as post parameters.
Any help will be appreciated
Upvotes: 2
Views: 615
Answers (1)
Ralph
Reputation: 120761
OAuth2 works only in a secure way when https (s!) is used. In Https the request parameters are encrypted. So the request parameters are secured!
Upvotes: 2
Related Questions
- Spring MVC - Get access token
- Spring MVC application and OAuth2 authorization
- Spring Security: How to pass oauth2 access token in request headers
- spring security token request requires authentication
- Spring OAuth2 Access Token in HTTP Header
- Spring oauth2 custom token issue
- OAuth2 with Spring MVC rest APIs
- Spring OAuth2 - Create an access token
- Spring Security Oauth - Basic access authentication needed when sending token request
- Spring oauth2 validate token request