Hi Srgey, Thanks for your help. The 1-leg flow, as far as I understood, consists in the fact that client doesn’t have to ask for tokens (neither request nor access tokens) before accessing protected ressource. Here is an image showing the flow (well, if I succeed to insert it):
<http://cxf.547215.n5.nabble.com/file/n5780904/687474703a2f2f7075752e73682f32706530372e706e67.png> So, yes, my task would be to provide the client code able to access resources protected by this security algorithm. I had a look at the OAuthClientUtils and if it allows me to construt the Authorization header with all its bits and bolts, it's already something. Otherwise it seems that Spring Security would support it also but I'm afraid that using Spring Security means using Spring REST as well, which we don't want. Kind regards, Nicolas -- View this message in context: http://cxf.547215.n5.nabble.com/Using-OAuth-1-0a-with-JAX-RS-CXF-tp5780889p5780904.html Sent from the cxf-user mailing list archive at Nabble.com.
