cxf-dev mailing list archives

From Łukasz Moreń <lukasz.mo...@gmail.com>
Subject [GSOC] OAuth Resource Owner Authorization implementation
Date Mon, 21 Jun 2010 22:20:57 GMT
Hi,

I'm going to implement the second OAuth endpoint, called Resource Owner
Authorization.
I will briefly explain this endpoint to make my question clearer.

The client (third-party app) makes a request to the mentioned endpoint in
order to obtain approval for accessing the user's (resource owner's) resources.
Example request URI:
https://www.server-with-cool-pictures.com/authorize?oauth_token=hh5s93j4hdidpola

In response, the authorization server:
1. requests the user (resource owner) to sign in using his username and
password,
2. if successful, asks the user to approve granting the client (third-party
app) access to protected resources,
3. redirects the resource owner to the client's callback URL with a unique
verification code (or displays it in case a callback URL is not provided).

I am not sure what this endpoint implementation should look like. It
requires a UI to authenticate the user and confirm third-party app access,
so some generic solution is needed.
When the client makes a request to the Resource Owner Authorization URI with
oauth_token, I can validate that request and redirect to the UI login page.
I don't know how, after the user actions (login and client confirmation), to
go back to my service and redirect to the client (third-party app) callback
URL with the generated validation code.

Any help on that?

Cheers,
Lukasz Moren
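
The three steps listed in the message above, sketched as an added example that is not part of the original post and is not CXF code. All class and method names are hypothetical, and it assumes the callback URL was stored server-side with the request token when that token was issued, so the confirmation form only needs to carry oauth_token back to the service.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
// Added illustration with hypothetical names; not CXF code.
public class AuthorizationFlow {
    static final class RequestToken {      // server-side state kept per request token
        final String callback;             // client's callback URL, or null if none was provided
        volatile String approvedBy, verifier; // both null while the token is still pending
        RequestToken(String callback) { this.callback = callback; }
    }
    private final Map<String, RequestToken> tokens = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    void issue(String oauthToken, String callback) { tokens.put(oauthToken, new RequestToken(callback)); }
    // GET /authorize?oauth_token=...: validate the token before redirecting to the login UI.
    boolean isPending(String oauthToken) {
        RequestToken t = tokens.get(oauthToken);
        return t != null && t.approvedBy == null;
    }
    // POST from the confirmation form, which carried oauth_token in a hidden field.
    // Returns the redirect target, or the bare code to display when there is no callback.
    String approve(String oauthToken, String authenticatedUser) {
        RequestToken t = tokens.get(oauthToken);
        if (t == null || authenticatedUser == null)
            throw new IllegalArgumentException("unknown token or user not signed in");
        synchronized (t) {
            if (t.approvedBy != null) throw new IllegalStateException("token already authorized");
            byte[] raw = new byte[16];
            random.nextBytes(raw);         // unguessable, single-use verification code
            t.verifier = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            t.approvedBy = authenticatedUser;
        }
        if (t.callback == null) return t.verifier;
        // The callback comes from stored state, never from a parameter of this request.
        String sep = t.callback.contains("?") ? "&" : "?";
        return t.callback + sep + "oauth_token=" + enc(oauthToken)
                + "&oauth_verifier=" + enc(t.verifier);
    }
    private static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }
    public static void main(String[] args) {
        AuthorizationFlow flow = new AuthorizationFlow();
        flow.issue("hh5s93j4hdidpola", "https://client.example/cb"); // constructed callback URL
        System.out.println(flow.approve("hh5s93j4hdidpola", "alice"));
    }
}
```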
