Spring Social
  1. Spring Social
  2. SOCIAL-305

Support for Resource Owner Credentials Grant

    Details

    • Type: New Feature New Feature
    • Status: Resolved
    • Priority: Minor Minor
    • Resolution: Complete
    • Affects Version/s: None
    • Fix Version/s: 1.1.0.M1
    • Component/s: None
    • Labels:
      None

      Description

      Spring Social's ConnectController handles OAuth 1's 3-legged flow as well as OAuth 2's Authorization Code Grant and Implicit Grant. These are perfect for web-oriented apps, but OAuth 2's Resource Owner Credentials Grant (ROCG) is more appropriate for mobile apps, especially native mobile apps or those that present themselves as native (e.g., deployed in PhoneGap). ROCG's lack of a browser redirect, which would seem awkward in a mobile app, as well as the higher degree of trust for an app deployed in a personal device vs. that of an app on a web server make the ROCG flow more desirable for mobile apps.

      Spring Social currently offers nothing to directly support ROCG. Although ROCG is just a simple REST API call and can be done simply with RestTemplate, directly supporting it in Spring Social could provide benefits in terms of transparent persistence of the access token as a connection via Spring Social's connection repositories and creation of API binding instances from those connections. This would be especially useful in Android apps that are using Spring Social.

        Activity

        Hide
        Craig Walls added a comment -

        This work is now complete at the OAuth2Template-level. Work should still be done at the connection factory-level to allow for ROCG authorization that seamlessly stores connections in the connection repository.

        Show
        Craig Walls added a comment - This work is now complete at the OAuth2Template-level. Work should still be done at the connection factory-level to allow for ROCG authorization that seamlessly stores connections in the connection repository.
        Hide
        Craig Walls added a comment - - edited

        I'm reducing the scope of this issue to focus on support for ROCG at the OAuth2Template level so that I can push that with 1.1.0.M1. SOCIAL-336 will address supporting ROCG at the connection framework level.

        Show
        Craig Walls added a comment - - edited I'm reducing the scope of this issue to focus on support for ROCG at the OAuth2Template level so that I can push that with 1.1.0.M1. SOCIAL-336 will address supporting ROCG at the connection framework level.
        Hide
        Craig Walls added a comment -

        Complete inasmuch as ROCG is available via OAuth2Template. SOCIAL-336 will address enabling it at the connection framework level.

        Show
        Craig Walls added a comment - Complete inasmuch as ROCG is available via OAuth2Template. SOCIAL-336 will address enabling it at the connection framework level.

          People

          • Assignee:
            Craig Walls
            Reporter:
            Craig Walls
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: