Uploaded image for project: 'Spring Social'
  1. Spring Social
  2. SOCIAL-305

Support for Resource Owner Credentials Grant


    • Type: New Feature
    • Status: Resolved
    • Priority: Minor
    • Resolution: Complete
    • Affects Version/s: None
    • Fix Version/s: 1.1.0.M1, 1.1.0.RELEASE
    • Component/s: None
    • Labels:


      Spring Social's ConnectController handles OAuth 1's 3-legged flow as well as OAuth 2's Authorization Code Grant and Implicit Grant. These are perfect for web-oriented apps, but OAuth 2's Resource Owner Credentials Grant (ROCG) is more appropriate for mobile apps, especially native mobile apps or those that present themselves as native (e.g., deployed in PhoneGap). ROCG's lack of a browser redirect, which would seem awkward in a mobile app, as well as the higher degree of trust for an app deployed in a personal device vs. that of an app on a web server make the ROCG flow more desirable for mobile apps.

      Spring Social currently offers nothing to directly support ROCG. Although ROCG is just a simple REST API call and can be done simply with RestTemplate, directly supporting it in Spring Social could provide benefits in terms of transparent persistence of the access token as a connection via Spring Social's connection repositories and creation of API binding instances from those connections. This would be especially useful in Android apps that are using Spring Social.




            • Assignee:
              habuma Craig Walls
              habuma Craig Walls
            • Votes:
              0 Vote for this issue
              1 Start watching this issue


              • Created: