Grails: Securing REST API with OAuth2.0

Question

I am building a REST API using Grails. I want it to be protected using OAuth2.0 client_credentials flow(grant_type). My use-case is as follows:

a external agent will send a request to something like

http://server-url/oauth/token?client_id=clientId&client_secret=clientSecret&grant_type=client_credentials

and obtain a access_token. Then, my URL(protected resource) should be accesible with something like

http://server-url/resource?access_token={access-token obtained before}

I am looking for something that makes doing this on Grails easy and quick. What will be the best way/tool/plugin to use for this ? Scribe library is an option, if there are any tutorials for my specific use-case, it will be great.

P.S.: I have tried the spring-security and related plugins, no joy there. Any alternatives would be nice.

Answer 1

I have the same issue. I found a lot of grails plugins that helped you authenticate your app against other oauth providers, but nothing that would help me make my app the oauth provider. After a lot of digging, I came across this grails plugin that will do exactly what you want.

https://github.com/adaptivecomputing/grails-spring-security-oauth2-provider

I'm still configuring it for my application, and I think the docs might need a few edits (specifically the authorization_code flow) but I got the simple client_credentials flow to work with minimal configuration. Hope that helps!