Home What grant type should be used while requesting a token from Resource server to Authorization server?
Reply: 0

What grant type should be used while requesting a token from Resource server to Authorization server?

TruckDriver
1#
TruckDriver Published in 2018-01-06 18:41:36Z

I have a webapp, where the backend Rest Server and front end is Angular 2 spa. I have split the backend into Resource server and Authserver. My current webapp allows the end users to

  • Either register manually and log in to use website
  • Or use Facebook to log in.

For use case 2,i.e. Facebook log in,I am doing the following

    1. get fb token, via FB js SDK.(requested by angular frontend)
    1. send this token to Resource server
    1. Verify it in resource server by calling the FB api and verifying token validity and user_id
    1. Now generate my webapp's token from my webapps' Auth server
    1. And use this token for further API validations

In step 4, I am not sure how to proceed further. From docs, it seems that most suitable grant is password in this case. If I use "password" grant_type, then i need to supply username password from Resource server, Which i can not because my passwords stored in DB are Bcrypt encoded(encrypted).

How should i solve this issue. This is a rather very common use case, I am wondering what others do to validate their APIs after logging through facebook? Do they use FB tokens for all successive API validations or their local tokens.

Can someone point out what is the correct grant_type i should use so that i don't lose track of logged in user?

You need to login account before you can post.

About| Privacy statement| Terms of Service| Advertising| Contact us| Help| Sitemap|
Processed in 0.38397 second(s) , Gzip On .

© 2016 Powered by mzan.com design MATCHINFO