On 16/11/12 07:27, jbright wrote:
I do have a question, since I was following your note below:
I will have the credentials in the message payload itself. So If I validate
that in the service code itself, how does the request get redirected in case
of validation failure.
I'm assuming you are talking about the part where the end-user has been
initially redirected from the client web application back to the
resource server.
So we must be talking about the credentials of the end user who is now
sitting in front of the browser (assuming we are talking about the
authorization code flow) given that the end user needs to authenticate.
Is that the case ? If yes, then at this stage no application service
code is involved yet, can you clarify please what do you mean by "the
credentials in the message payload itself. So If I validate
that in the service code itself" ?
Thanks, Sergey
--
View this message in context:
http://cxf.547215.n5.nabble.com/Re-OAuth2-with-Oracle-Access-Manager-tp5718431p5718580.html
Sent from the cxf-user mailing list archive at Nabble.com.
