Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 907F2200CA3 for ; Thu, 1 Jun 2017 17:47:44 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 8F0F1160BC4; Thu, 1 Jun 2017 15:47:44 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id AF0E1160BB5 for ; Thu, 1 Jun 2017 17:47:43 +0200 (CEST) Received: (qmail 40643 invoked by uid 500); 1 Jun 2017 15:47:42 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 40634 invoked by uid 99); 1 Jun 2017 15:47:42 -0000 Received: from Unknown (HELO svn01-us-west.apache.org) (209.188.14.144) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 01 Jun 2017 15:47:42 +0000 Received: from svn01-us-west.apache.org (localhost [127.0.0.1]) by svn01-us-west.apache.org (ASF Mail Server at svn01-us-west.apache.org) with ESMTP id E51883A0574 for ; Thu, 1 Jun 2017 15:47:41 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1013278 - in /websites/production/cxf/content: cache/docs.pageCache docs/jax-rs-oauth.html Date: Thu, 01 Jun 2017 15:47:41 -0000 To: commits@cxf.apache.org From: buildbot@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20170601154741.E51883A0574@svn01-us-west.apache.org> archived-at: Thu, 01 Jun 2017 15:47:44 -0000 Author: buildbot Date: Thu Jun 1 15:47:41 2017 New Revision: 1013278 Log: Production update by buildbot for cxf Modified: websites/production/cxf/content/cache/docs.pageCache websites/production/cxf/content/docs/jax-rs-oauth.html Modified: websites/production/cxf/content/cache/docs.pageCache ============================================================================== Binary files - no diff available. Modified: websites/production/cxf/content/docs/jax-rs-oauth.html ============================================================================== --- websites/production/cxf/content/docs/jax-rs-oauth.html (original) +++ websites/production/cxf/content/docs/jax-rs-oauth.html Thu Jun 1 15:47:41 2017 @@ -117,12 +117,15 @@ Apache CXF -- JAX-RS OAuth
-

JAX-RS: OAuth

 

+ + 

 

Developing OAuth 1.0 Servers

OAuth server is the core piece of the complete OAuth-based solution. Typically it contains 3 services for:

  • Initiating the flows by issuing temporarily tokens to consumers
  • Authorizing request tokens by asking the end users to let consumers access some of their resources and returning the
    confirmation back to the consumer
  • Exchanging authorized request tokens for access tokens

CXF offers 3 JAX-RS service implementations that can be used to create OAuth 1.0 servers fast: RequestTokenService, AuthorizationRequestService and AccessTokenService.

All of these 3 services rely on the custom OAuthDataProvider which manages request and access tokens. Writing your own OAuthDataProvider implementations is what is needed to get the OAuth server up and running.

RequestTokenService

The main responsibility of RequestTokenService is to create a temporarily request token and return it back to the consumer. It supports POST and GET requests and returns a form payload containing the new request token and its secret.

Here is an example request log:

+

Developing OAuth 1.0 Servers

OAuth server is the core piece of the complete OAuth-based solution. Typically it contains 3 services for:

  • Initiating the flows by issuing temporarily tokens to consumers
  • Authorizing request tokens by asking the end users to let consumers access some of their resources and returning the
    confirmation back to the consumer
  • Exchanging authorized request tokens for access tokens

CXF offers 3 JAX-RS service implementations that can be used to create OAuth 1.0 servers fast: RequestTokenService, AuthorizationRequestService and AccessTokenService.

All of these 3 services rely on the custom OAuthDataProvider which manages request and access tokens. Writing your own OAuthDataProvider implementations is what is needed to get the OAuth server up and running.

RequestTokenService

The main responsibility of RequestTokenService is to create a temporarily request token and return it back to the consumer. It supports POST and GET requests and returns a form payload containing the new request token and its secret.

Here is an example request log:

Address: http://localhost:8080/services/oauth/initiate
 Encoding: ISO-8859-1
 Http-Method: POST