OAuth2: resource-server / client #921
Comments
|
For user-facing monoliths without reusable APIs, a better minimal option would be "login-only" (without resource server). It was the first version of the previous PR, so it would be easy to reproduce. Microservices and standard Web Services should not provide "login" but only JWT, so SecurityConfiguration should override the default configuration without "login" must not be confused with "client":
So there is another case, which is "client-only" for a job that calls APIs but doesn't not expose anything. It's a less common scenario, and although I implemented it in a previous attempt, I guess it won't be very useful. Do you confirm that we prefer distinct endpoints over common endpoints with options? |
|
Thanks for clarification @pblanchardie Indeed you're right about I'll see how to propose something smarter, with your initial idea. Maybe 2 versions of OAuth2:
About endpoints, yes, for now, I prefer distinct endpoints, until this ticket is solved: #144 |
|
The new module OAuth2 is better now, thanks to @DamnClin |
Currently, the API OAuth2 generates:
After some discussion with @Bolo89 and following this very important comment #270 (comment) too, let's discuss about how to have a better minimal option for microservice (for example)
cc @Bolo89 @pblanchardie
The text was updated successfully, but these errors were encountered: