OAuth 2 Service provider

[utkarsh.hiremath]

Hello ,
I am new to OAuth 2. I want to use Service Provider OAuth 2 spring security but my client applications are in .net.
Service that i want to provide is REST service.How will i integrate OAuth 2 for spring security to accomplish this task.
Please ,Any help will be appreciated..
Thanks

Regards,
Utkarsh

[Dave Syer]

I don't have any samples in .NET, but I imagine there are OAuth2 libraries available. The sparklr2 sample is your template for a "Service Provider" (not at OAuth2 term): sparklr2 is an Authorization Server (granting access tokens) and a Resource Server (accepting tokens to access protected resources).

[utkarsh.hiremath]

I don't have any samples in .NET, but I imagine there are OAuth2 libraries available. The sparklr2 sample is your template for a "Service Provider" (not at OAuth2 term): sparklr2 is an Authorization Server (granting access tokens) and a Resource Server (accepting tokens to access protected resources).

But can i use Sparklr2 as a service provider(which is implemented in Spring Security) for client applications that are implemented in .net.
What changes i will have to make to Sparklr2 to create my own service provider.

Do i need to do any change in client application? Because i dont want to make any change in client application & REST service that i wish to provide access to. I wish to integrate this Service Provider module in between this, How can i do this?

[Dave Syer]

I think you mean "AuthorizationServer" not "Service Provider" (the latter is ambiguous and has no definition in the context of OAuth2)? The REST service and the client application that you already have are the "Resource Server" and "Client" respectivey in OAuth2 terms. Sparklr2 is already an Authorization Server (see the <oauth:authorization-server/> configuration). Whether or not you have to make changes to your Resource Server and Client I really can't say because I haven't seen them. Probably if they use a recent version of the spec the changes should be minimal. I would have thought at least you would have to change the URLs that point to your existing Authorization Server? How does your Resource Server check the token contents (maybe you need to adapt that, or to adapt the token issued by sparklr2 to match its expectations)?

[utkarsh.hiremath]

Yes right i mean 'authorization server' only.
1.i do not have any authorization server right now .I am going through Sparklr2 for reference, what changes will i have to do in Sparklr2 to create my own AuthorizationServer.
2. Client app & Resource server(my REST service) are two independent apps. They are not using OAuth service right now.But now i want to integrate this authorization server in between to provide client app authorized access to REST service how can i accomplish that.

[Dave Syer]

1. You don't *have* to do anything (sparklr2 is already an Authorization Server), so it's fine for testing. You probably want to change the at least the AuthenticationManager so you can authenticate your own users, not marissa and paul.

2. I don't know (I haven't seen the apps). If they are .NET I'm afraid you are going to have to ask somewhere else, sorry. If they are Java then look at sparklr2 for an example of an <oauth:resource-server/> and tonr2 for an example of a Client (<oauth:rest-template/>).