Jul 23rd, 2012, 02:36 PM
OAuth 2.0 for Server to Server communication
Can OAuth 2.0 / Spring OAuth be used for server to server communication? In the SOA world, there are a number of services that need to interact with each other and not necessarily involve interaction with any user agent or browser. For such use cases, can OAuth 2.0 be used in any form to secure the interactions between the services?
If OAuth 2.0 isn't recommended, are there any standards out there for such a use case? And if yes, does Spring security support any such standard?
Jul 23rd, 2012, 03:56 PM
OAuth2 has client credentials grant. It might not be a reason to use OAuth2 on its own (e.g. you might be fine with a less centralized system with shared secrets), but it is there if you need it and are using OAuth2 anyway. I'm finishing a blog on why and when to use OAuth2, so I'll announce it here when it gets published (and also come along to SpringOne 2012 if you want to see the live version).
Jul 24th, 2012, 09:45 AM
Thanks, I will look out for your post.