Hi,
Currently we use CAS for SSO between web applications, now I'm trying to use for restful webservices token based authentication using OAuth2/JWT tokens. When I was playing with it I noticed that for accessing token we need to pass client_id, client_secret for Grant type client credential and username/password for Grant type password as parameters. I think its very unsecured because these show up in tomcat access logs. Is there any way to pass as part of body or http headers instead of params without me override lot of cas code ? Thanks Rao -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/48a85b67-1292-40c0-ac6c-c514af786687%40apereo.org.