Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | |||
| docs:2500_config_apps:setting_up_oauth_protection [2026/07/07 08:13] – aware_admin | docs:2500_config_apps:setting_up_oauth_protection [2026/07/07 08:55] (current) – aware_admin | ||
|---|---|---|---|
| Line 44: | Line 44: | ||
| ==== Scopes ==== | ==== Scopes ==== | ||
| - | 1. Client | + | - Clients |
| - | 2. All requested scopes must be registered for the client. If no scopes are requested in the call, registered scopes are used. | + | |
| - | 3. The category of the called service must match one the approved scopes (approved by the end user) | + | |
| - | 4. Example of a valid service category: | + | |
| BSPrefix_scope1_scope2_scope3 | BSPrefix_scope1_scope2_scope3 | ||
| (provided that scope3 is not " | (provided that scope3 is not " | ||
| - | CLIENT CREDENTIALS FLOW: | + | ==== Client Credentials Flow ==== |
| - | The above describes | + | |
| - | In this flow you just need to call the AccessTokenService with a particular grant type. So you don' | + | The instructions |
| - | The first step should be calling AccessTokenService but instead of the authorization_code grant type you specify client_credentials grant type: | + | |
| + | | ||
| instead of this: | instead of this: | ||
| - | http:// | + | < |
| - | You specify | + | the client ashould call this: |
| - | http:// | + | < |
| - | + | ||
| - | For this to work a special ClientCredentialsGrantHandler needs to be registered. Again in theory this can be done by modifying the file AwareIM/ | + | |
| - | <bean id=" | + | |
| - | < | + | |
| - | </ | + | |
| - | + | ||
| - | And then modify the following lines to add reference to the bean above (line in bold below): | + | |
| - | < | + | |
| - | < | + | |
| - | < | + | |
| - | < | + | |
| - | < | + | |
| - | < | + | |
| - | </ | + | |
| - | </ | + | |
| - | </ | + | |
| - | + | ||
| - | The rest is the same as for the Authorization flow. So the client registers as before and gets the client id and secret. Then he calls access token service as explained above with the same headers as for the Authorization flow. He will then get the access token in the same way as in the authorization flow (there is no refresh token!) | + | |
| - | Then the client can call an Aware IM service using this access token in the same way it is done in the Authorization flow. | + | |
| + | ==== Summary ==== | ||
| Your service documentation needs to convey to the callers of the service that before calling the service, they need to do the following: | Your service documentation needs to convey to the callers of the service that before calling the service, they need to do the following: | ||