Sep 7th, 2011, 08:45 AM
OAuth 2 using multiple grant types with same client
Is it possible in OAuth 2 to use multiple grant types with the same client to connect to a provider? If so, what would the configuration look like, if I wanted to allow "authorization_code" and "client_credentials" for Tonr to access Sparklr and how can the client decide which grant type to use for a certain call?
To give you an idea why I want to do this: My client application should allow users to access certain resources on the provider via grant type "authorization_code", very similar to the Tonr/Sparklr example. Additionally there are timer-based service tasks in the client that need read access to the resources of all users (some kind of admin work). Since these tasks have to run in the background and cannot be triggered by a special admin user, I thought about using the grant type "client_credentials" (possibly with a different scope) to let client and provider authenticate directly for this.
Is this possible and if so, how? Or is there a better way to achieve this?
Best regards and thanks in advance
Sep 7th, 2011, 11:01 AM
If your client is using Spring Security OAuth, wouldn't you just use a different OAuth2RestTemplate with a different resource for each grant type? Having said that, I don't think there is client-side support for anything other than authorization code yet. There is a JIRA issue open for client credentials (SECOAUTH-75).
Last edited by Dave Syer; Sep 7th, 2011 at 11:03 AM.
Reason: update for JIRA link
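The "one OAuth2RestTemplate per resource" approach from the reply above, sketched as an added example that is not part of the original thread or the Tonr/Sparklr sample. It assumes the class names of later Spring Security OAuth 2.x releases (where a client-credentials resource type exists); the endpoint URLs, client id, resource ids and scopes are constructed placeholders.

```java
import java.util.Arrays;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;

public class TonrOAuthClients {
    // Constructed placeholder endpoints for the provider.
    static final String TOKEN_URI = "https://sparklr.example/oauth/token";
    static final String AUTHORIZE_URI = "https://sparklr.example/oauth/authorize";

    // Resource used for calls made on behalf of a logged-in user.
    static AuthorizationCodeResourceDetails userResource(String clientSecret) {
        AuthorizationCodeResourceDetails r = new AuthorizationCodeResourceDetails();
        r.setId("sparklr-user");
        r.setClientId("tonr");                 // same client id for both grants
        r.setClientSecret(clientSecret);
        r.setAccessTokenUri(TOKEN_URI);
        r.setUserAuthorizationUri(AUTHORIZE_URI);
        r.setScope(Arrays.asList("read", "write"));
        return r;
    }

    // Resource used by background tasks: no user involved, so request
    // only the narrow scope those tasks need (hypothetical scope name).
    static ClientCredentialsResourceDetails backgroundResource(String clientSecret) {
        ClientCredentialsResourceDetails r = new ClientCredentialsResourceDetails();
        r.setId("sparklr-background");
        r.setClientId("tonr");
        r.setClientSecret(clientSecret);
        r.setAccessTokenUri(TOKEN_URI);
        r.setScope(Arrays.asList("admin_read"));
        return r;
    }

    // Per-user template: the context holds that user's token, so it must be
    // session-scoped and never shared between users.
    static OAuth2RestTemplate userTemplate(OAuth2ClientContext sessionContext, String secret) {
        return new OAuth2RestTemplate(userResource(secret), sessionContext);
    }

    // Background template: gets its own default context, so its token is
    // never mixed with a user's token. The caller picks the grant type
    // simply by picking which template to call.
    static OAuth2RestTemplate backgroundTemplate(String secret) {
        return new OAuth2RestTemplate(backgroundResource(secret));
    }
}
```

On the provider side, the client registration has to list both grant types, and the scope granted for "client_credentials" is best kept separate from the user-facing scopes so a background token cannot perform user writes.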
Sep 12th, 2011, 09:59 AM
Thanks Dave, you're right, it should be exactly that simple. I just missed the connection between resource and rest template, sorry.
However, good to know that client-side support for grant type "client_credentials" is not implemented yet, so I'll wait for that issue to be resolved.