Nov 5th, 2012, 11:23 AM
Implicit user authorization
I have seen in the spring-oauth sparklr demo that there is a provision to have auto-approved clients. I am trying to have a session established when a user uses the Resource Owner Credentials flow to "login" and have the server automatically approve a client if the user is logged in. This seems to be a pretty common flow, and I understand how this can be done through a web login, but I am unable to see how "sessions" are established when the user "logs in" and gets a token using the resource owner credentials flow for native/mobile clients. How is the user "remembered" in such cases when he asks for an authorization code? I would appreciate any pointers.