Spring OAuth vs. Spring Social

[marcelstoer]

Both Spring OAuth and Spring Social implement OAuth for Spring Security. Shouldn't resources be used a little more economically?

[stoicflame]

Yes. We're in the process of consolidating those libraries such that spring social will depend on spring oauth.

[marcelstoer]

Wonderful, that's good news.

[Keith Donald]

Spring Social has always depended on the official Spring Security OAuth project, it's never implemented its own OAuth library of any sort.

One thing Spring Social does support is the ability to use the Scribe OAuth 1.0 client library as an alternative, which could be preferred in a constrained resource environment such as Android phone due to its small footprint. Scribe is only ever enabled if it is present in your classpath and Spring Security OAuth is not.

Ryan, one thing you might want to consider in future versions of Spring Security OAuth is factoring out the server (provider) piece out from the client/consumer piece, so when the a OAuth client is needed in a mobile environment such as Android, the server piece wouldn't also be present.

Keith

[jaalex]

I am new to OAuth and Spring Social ; just wanted to understand how much of the authentication is taken care by Spring Social and how much the client (which uses SS) should do. In basic terms, is it possible to pass the username, password and list of permissions to Spring Social and have it return the accessToken (in case of FB) or should the client have the fb:login window which takes care of authenticating and redirecting to a specified URL with the accessToken which can then be passed to Spring for invoking the APIs. Please clarify.

Thanks!
jaa

[stoicflame]

I think you'll probably have to take your question over to the spring social forum.