Win a copy of TensorFlow 2.0 in Action this week in the Artificial Intelligence and Machine Learning forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Liutauras Vilda
  • Paul Clapham
  • Bear Bibeault
  • Jeanne Boyarsky
  • Ron McLeod
  • Tim Cooke
  • Devaka Cooray
Saloon Keepers:
  • Tim Moores
  • Tim Holloway
  • Jj Roberts
  • Stephan van Hulst
  • Carey Brown
  • salvin francis
  • Scott Selikoff
  • fred rosenberger

Which is the best way to implement a OAuth 2.0 Authentication with a REST Web Service?

Ranch Hand
Posts: 167
Oracle Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello Everyone,

I want to get some information from a REST Web Service and I am thinking of which is the most better way performance and architecture wise.
I am using Apache http library and am coding in Java.

The process is as follows:
Requesting a SAML assertion.(POST)
When i get the SAML assertion I input it in another POST call in order to get an access token.(POST)
I get a Json with the Access Token, an I parse it and I save it in a String
Then I make a GET call in order to validate the access token.

As soon as the access token is okay, I then have to make several GET calls (about 3-4 ) with the same access token in order to receive xmls with the information that I want which I will parse and get the information.

Whih is the best way / architecture wise in java to do all this process?
Any ideas?


Saloon Keeper
Posts: 12431
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You mean OAuth Authorization. OAuth doesn't do authentication. That's what the SAML identity provide is for.

You left a lot out of your rough design. For instance, how are you going to let the user authenticate themselves with the identity provider? Will the client application be running in a web browser or as a desktop or mobile app?
them good ole boys were drinking whiskey and rye singin' this'll be the day that I die. Drink tiny ad.
the value of filler advertising in 2020
    Bookmark Topic Watch Topic
  • New Topic