REST service with third-party OAuth2

I created a REST server and a client for it. Now I need to implement third-party OAuth2 authentication. Right now, I am directing the user to the server, letting him authenticate with the service, and then redirecting him to the client, something like this:

Client: not authenticated → Server → Redirect to a third party → Redirect to server → Redirect to application.

Then I save the cookie on the client to identify the user (the cookie is sent with credentials over CORS).

Now the problem is: what should I do about re-authentication when the token expires? Since the client and server only exchange data through JSON, I will have to initiate the full authentication process again, and therefore the user will lose all state in the application. Does anyone have a suggestion on how to get around this problem? Is it better to do client-side authentication and store an access token on the server, or something like that?

1 answer

Whatever you do is the right way to get an OAuth access_token. And your access_token is temporary, so it may expire.

I think you can do one of the following:

  • Check whether the authorization server (the one you use to get the token) allows you to get a longer token using the access_token. This is also offered in the OAuth 2 specification.

  • Try saving user state without using a session.

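An added example, not code from the question or the answer: a client that reacts to a 401 from the REST API by exchanging a refresh_token for a new access_token at the authorization server's token endpoint (the refresh grant the first suggestion above points at) and then retrying the request, so the application keeps its state instead of being sent through the whole redirect login again. The HTTP layer is injected; the token endpoint, API URL and token values are constructed fakes, not real services.

```javascript
// Constructed fake of both servers so the example runs offline:
// the authorization server's token endpoint and the JSON REST API.
function makeFakeServers() {
  const refreshToken = "refresh-abc";   // constructed refresh_token issued at login
  let validAccess = "access-1";         // access_token the API currently accepts
  let counter = 1;
  let refreshCalls = 0;
  return {
    refreshCalls: () => refreshCalls,
    expireAccessToken: () => { validAccess = null; }, // simulate expiry
    http(req) {
      if (req.url === "https://auth.example/token") {   // constructed endpoint
        refreshCalls++;
        const p = new URLSearchParams(req.body);
        if (p.get("grant_type") !== "refresh_token" || p.get("refresh_token") !== refreshToken) {
          return { status: 400, json: { error: "invalid_grant" } };
        }
        counter++;
        validAccess = "access-" + counter;
        return { status: 200, json: { access_token: validAccess, token_type: "Bearer", expires_in: 3600 } };
      }
      // Resource server: only the current bearer token is accepted.
      if (req.headers.Authorization !== "Bearer " + validAccess) {
        return { status: 401, json: { error: "invalid_token" } };
      }
      return { status: 200, json: { user: "alice", path: req.url } };
    },
  };
}

// Client-side token holder: refreshes on 401 and retries once.
class ApiClient {
  constructor(http, tokens) { this.http = http; this.tokens = tokens; }
  refresh() {
    const body = "grant_type=refresh_token&refresh_token=" +
      encodeURIComponent(this.tokens.refresh_token);
    const r = this.http({ method: "POST", url: "https://auth.example/token", body });
    if (r.status !== 200) return false;  // refresh_token revoked/expired: full login needed
    this.tokens.access_token = r.json.access_token;
    return true;
  }
  get(url) {
    const send = () => this.http({ method: "GET", url,
      headers: { Authorization: "Bearer " + this.tokens.access_token } });
    let r = send();
    if (r.status === 401 && this.refresh()) r = send(); // one refresh, one retry
    return r;
  }
}
```

If the refresh itself fails, the client has no choice but to restart the redirect flow; everything else is recovered transparently and the application state survives.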
