RemoteTokenService for multiple client application

Question

How can I use RemoteTokenService for more than one client application (with different client_id and secret )?

UPDATE

public ResourceServerTokenServices tokenService() {
        RemoteTokenServices tokenServices = new RemoteTokenServices();

        tokenServices.setClientId("sample_test_client_app_auth_code");
        tokenServices.setClientSecret("secret");
        tokenServices.setCheckTokenEndpointUrl("http://localhost:8080/oauth/check_token");

        return tokenServices;
    }

That's how we configure instance of RemoteTokenService. and inject it to the OAuth2AuthenticationManager for separate Resource server and auth server. Is it correct?

so when some other client has to access this resource how can I configure RemoteTokenService for both of this client.can you provide some light on this. and tell me if I am wrong on something.

Not sure I understand the question. What is the problem exactly? — Dave Syer, Oct 11 '14 at 09:21

score 3 · Accepted Answer · answered Oct 11 '14 at 13:56

3

The client id in the RemoteTokenServices is not the client that is consuming the resource, it's the client associated with the resource itself (solely for the purpose of authentication of the /check_token endpoint). So once you have it working you can hit that resource from as many clients as you like.

answered Oct 11 '14 at 13:56

Dave Syer

56,583
10
155
143

So if I'm reading this correctly, a resource server can also be a client under the oAuth paradigm? – Kevin Bowersox Dec 21 '16 at 10:01
The spec doesn't mention it, so it doesn't preclude it. For the sake of clarity, the check_token endpoint is not part of the spec. – Dave Syer Dec 21 '16 at 14:12
Hi @DaveSyer ,How can I get info of the `many clients` in the resource server? – Jun 07 '18 at 15:08

RemoteTokenService for multiple client application

1 Answers1