cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Restrict OAUTH to specific webservice

Former Member

on ‎2018 Oct 26 1:25 PM

0 Kudos
224

Hi All,

Is there a way i can use OAUTH webservice to have access of limited rest webservice resource.

i need only some of teh resources to be used by OAUTH client. other webservices cannot be used by that oauth client

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
arvind-kumar_avinash
Active Contributor
‎2018 Oct 26 1:51 PM
0 Kudos

I am not an expert on OAUTH implementation but I think you should able to do it using OAUTH scope. Please refer https://developer.okta.com/blog/2017/06/21/what-the-heck-is-oauth#oauth-scopes to see an illustration of what you can do using OAUTH scope.

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎2018 Oct 29 6:41 PM
0 Kudos

Hybris provides 2 filters ie. HybrisOauth2UserFilter and UserMatchingFilter which can be customized to check the resource path and write custom logic to suit your business rules.

Show replies
Show replies
Former Member
‎2018 Oct 29 5:53 AM
0 Kudos

I did it different way. removed role ROLE_TRUSTED_CLIENT for oauth client. if any service have @security annotation, it will deny

Show replies
Show replies
Ask a Question