[SOCIAL-305] Support for Resource Owner Credentials Grant Created: 17/Apr/12  Updated: 24/Apr/14  Resolved: 26/Nov/12

Status: Resolved
Project: Spring Social
Component/s: None
Affects Version/s: None
Fix Version/s: 1.1.0.M1, 1.1.0.RELEASE

Type: New Feature Priority: Minor
Reporter: Craig Walls Assignee: Craig Walls
Resolution: Complete Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

Spring Social's ConnectController handles OAuth 1's 3-legged flow as well as OAuth 2's Authorization Code Grant and Implicit Grant. These are perfect for web-oriented apps, but OAuth 2's Resource Owner Credentials Grant (ROCG) is more appropriate for mobile apps, especially native mobile apps or those that present themselves as native (e.g., deployed in PhoneGap). ROCG's lack of a browser redirect, which would seem awkward in a mobile app, as well as the higher degree of trust for an app deployed in a personal device vs. that of an app on a web server make the ROCG flow more desirable for mobile apps.

Spring Social currently offers nothing to directly support ROCG. Although ROCG is just a simple REST API call and can be done simply with RestTemplate, directly supporting it in Spring Social could provide benefits in terms of transparent persistence of the access token as a connection via Spring Social's connection repositories and creation of API binding instances from those connections. This would be especially useful in Android apps that are using Spring Social.



 Comments   
Comment by Craig Walls [ 09/Aug/12 ]

This work is now complete at the OAuth2Template-level. Work should still be done at the connection factory-level to allow for ROCG authorization that seamlessly stores connections in the connection repository.

Comment by Craig Walls [ 26/Nov/12 ]

I'm reducing the scope of this issue to focus on support for ROCG at the OAuth2Template level so that I can push that with 1.1.0.M1. SOCIAL-336 will address supporting ROCG at the connection framework level.

Comment by Craig Walls [ 26/Nov/12 ]

Complete inasmuch as ROCG is available via OAuth2Template. SOCIAL-336 will address enabling it at the connection framework level.

Generated at Mon Dec 18 01:07:17 UTC 2017 using JIRA 6.4.14#64029-sha1:ae256fe0fbb912241490ff1cecfb323ea0905ca5.