On 6/9/16 11:04 PM, Pedro Igor Silva wrote:
Bill,
Got the authz stuff working with the adapters. It was a puzzle but I think I have
something.
Yeah, its nasty. Every servlet container handlers security just a bit
differently than others so, its ugly.
* I've discarded my own sub-types of AccessToken, they were
redundant. The only difference between authz tokens and access tokens was a list of
permissions. And the concept behind them is the same. I've added a
"authorization" claim to AccessToken (null by default) from where permissions
granted by the server can be obtained.
Is a claim better? Or should
AccessTokenResponse optionally contain the
RPT? Or optionally a query param for Implicit Flow? Or have both? I
don't know.