Michael Jacobs
Guest
Hello Brian,

The 11.7.2/3 default OAuth2 configuration is for a pure OAuth2 Resource Server (aka Data Service). It [currently] does not include the Spring OAuth2 client that would do the redirection to an OAuth2 Authorization Server where an interactive user login would be managed according to the resource's OAuth2 flow.

As a Resource Server it delegates the OAuth2 Client role to the caller, who may choose their implementation language and OAuth2 client library to fit their requirements. It simply accepts a token, validates it if the caller passes one, and passes a replica of it as a Client-Principal to the ABL application.

The oauth2.resSvc.remoteTokenService.uri property is there for the Resource Server to call the OAuth2 Authorization Server and exchange its issued OAuth2 random access token for an OAuth2 self-contained (aka ID token) token the Resource Server can use for user-id & role authorization in the server and ABL application. It will do nothing to begin an interactive user login.

Question: is it important that PASOE include the OAuth2 Client configuration for interactive user logins, or will that functionality be better handled in your client's implementation?

Hope this clarifies the current OAuth2 support,

Mike J.
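The role split described in the post above, modelled in memory as an added example that is not part of the original post and is not Progress code: the caller obtains the token, and the resource server only validates it through a remote token service and derives user-id and roles. All class, function and sample names are hypothetical, and rejecting a request that carries no token is an assumption of this sketch.

```python
import secrets
import time

class AuthorizationServer:
    """Constructed stand-in for the OAuth2 Authorization Server."""
    def __init__(self):
        self._issued = {}  # opaque token -> claims

    def issue(self, user, roles, ttl=300):
        # Result of the login flow that the caller's own OAuth2 client runs.
        token = secrets.token_urlsafe(24)
        self._issued[token] = {"sub": user, "roles": list(roles), "exp": time.time() + ttl}
        return token

    def check_token(self, token):
        # Remote token service: exchange an opaque token for its claims.
        claims = self._issued.get(token)
        if claims is None or claims["exp"] <= time.time():
            return None
        return dict(claims)

class ResourceServer:
    """Validates bearer tokens; never redirects to an interactive login."""
    def __init__(self, remote_token_service):
        # Callable standing in for the endpoint configured by
        # oauth2.resSvc.remoteTokenService.uri.
        self._check = remote_token_service

    def handle(self, headers):
        scheme, _, token = headers.get("Authorization", "").partition(" ")
        if scheme.lower() != "bearer" or not token.strip():
            return 401, None  # assumption: no token means rejection, not a redirect
        claims = self._check(token.strip())
        if claims is None:
            return 401, None  # unknown or expired token
        # Identity and roles copied from the validated token for the application.
        return 200, {"user_id": claims["sub"], "roles": tuple(claims["roles"])}

def demo():
    authz = AuthorizationServer()
    api = ResourceServer(authz.check_token)
    good = authz.issue("alice", ["customer-read"])  # constructed sample user and role
    stale = authz.issue("alice", ["customer-read"], ttl=-1)
    return {
        "no_token": api.handle({}),
        "forged": api.handle({"Authorization": "Bearer not-issued"}),
        "expired": api.handle({"Authorization": "Bearer " + stale}),
        "valid": api.handle({"Authorization": "Bearer " + good}),
    }
```

Calling `demo()` returns the status and derived principal for each of the four cases; only the token the authorization server actually issued and that has not expired yields a principal.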