Jan 12th, 2012, 03:40 PM
ClientDetailsService service and initial persistence for OAuth 2.0 and automatic auth
I'm going through all the demos for OAuth 2.0, and I'm now trying to set up my Authorization server. In our architecture we'll have 1 Authorization application, and several resource server applications. I have a few questions I could use a hand with.
1. I'm using spring security at the moment. How does the ClientDetailsService relate to the the UserDetailsService in spring security? I noticed there isn't a persist method. From my understanding of the Spec the ClientDetails are the actual client itself, I.E browser, phone etc, NOT the user/resource owner. The resource owner authorizes the client. Where do these clients get persisted within the framework of the Authorization Server once the user/resource owner has authorized the client?
2. We're also using our decentralized auth server as a means ofs. If the redirection e creating an SSO mechanism within our systemndpoint is from any server in our domain, I want to automatically approve the client with the requested scope. Where would I hook in to the framework to do this?
Last edited by tnine; Jan 12th, 2012 at 04:55 PM.
Jan 13th, 2012, 11:02 AM
ClientDetailsService has a JDBC implementation if you need to persist stuff. the interface itself as such doesn't need the writer methods, since OAuth2 doesn't specify how the clients get registered, just that they are registered. Your interpretation of the distinction between a client and a user is correct.
Your second question appears to have been garbled. Can you edit it back into english?