Hi everybody.
We have a back-end including some REST web services (resources) and some users want to call these secure web services.
Our users just have their username, password and client-id (and NOT a client-secret).
First Solution:
We have to define a client per user (who wants to call our web services) and provide a client-id/client-secret for the user to authorize.
Second Solution:
The user needs to authenticate with his own username/password and get a token.
Then use this token as a bearer token to get a uma-ticket (RPT token).
Then use the second token (RPT token) to authorize and call the resource server web services.
But this process is not so straightforward, because of getting two tokens to call a web service.
Is there a better solution?
Thanks to all.