aeloy
Reputation: 150
Web App Client using ImplicitAccessTokenProvider from Spring Security OAuth2
I am writing an OAuth 2.0 client application and I am trying to use ImplicitAccessTokenProvider. But the problem is that this class allows for access token request by sending POST request to /oauth/token Authorization Server's endpoint.
For my Authorization Server to support this different Implicit flow implementation, I should change the Authorization Server to support Implicit Grant type to accept access token requests through /oauth/token. But it violates RFC 6749 because an access token must be implicitly retrieved in response of Resource Owner's authorization.
Does anybody have written any Client application which relies on ImplicitAccessTokenProvider to share the experience?
Upvotes: 1
Views: 157
Answers (0)
Related Questions
- spring security OAuth2 - custom ClientDetailsService
- Spring Security, OAUTH2, dynamic client-secret
- Spring Boot + Security OAuth2.0 Client with Custom Provider
- Spring OAuth2 Security - Client Credentials - Custom AuthenticationProvider
- Oauth2 Client in Spring security
- Implementing OAuth2 Implicit Grant with Spring Security
- Configure custom OAuth2AccessToken on a client Spring Boot Application
- OAuth2 with Implicit client and csrf protection
- Implementing Oauth2 with spring security in web application
- How proper configure Spring Security OAuth 2.0 Client Credentials?