Search code examples
springoauthspring-social

Spring social custom OAuth2Version

I tried to interface a RESTfull web service and after some research I found the spring-social project that give a nice way to make an API binding to REST resource with different security mechanism like OAuth1a/2 out of the box.

My problem is that the Web service I try to interface doesn't match all aspect of OAuth2 in spring social when calling secure rest endpoint, especially the access token transmission for each call.

Spring Social give 4 OAuth2 version specification:

  • BEARER : with header value of "Bearer "
  • BEARER_DRAFT_2 : with header value of "Oauth2 "
  • DRAFT_10 : with header value of "Oauth "
  • DRAFT_8 : with header value of "Token token="""

and 3 token strategies

  • AUTHORIZATION_HEADER : Indicates that the access token should be carried in the Authorization header as an OAuth2 Bearer token
  • ACCESS_TOKEN_PARAMETER : Indicates that the access token should be carried as a query parameter named "access_token"
  • OAUTH_TOKEN_PARAMETER : Indicates that the access token should be carried as a query parameter named "oauth_token".

So my problem is the web service handle the access token differently like this:

  • By parameter with http://base_api_path/?token=<accessToken>

Or

  • With a custom header X-<Vendor>-Token: <token>

So how can I override the spring social default Oauth2 mechanism?

I hope my question is clear enough!

Solution

  • In the spring-social-linkedin project they do something like you want, you might want to take a look to the OAuth2TokenParameterRequestInterceptor method of this class