Hello
Java Ranchers
I am working in a financial Project wherein we have the following components
1. Web Services Exposed.
2. Consumer for these web Services which provide UI to the end-users .
We are currently using OAuth 2.0 , but after reading about OAuth 2.0, I feel that we do not actually require OAuth 2.0 in our case due to following reasons
1. Since Our API's are not exposed to public (Like facebook and twitter) , they are only meant for the Consumers we will built, we can have just CLIENT_ID and CLIENT_SECRET embedded in UI component (Server Side), which will suffice the security.
2. We can restrict our API's to be accessible only when REQUEST will carry CLIENT_ID and CLIENT_SECRET.
Suggestions !!!
Thanks and Warm Regards