These are chat archives for spring-guides/tut-spring-security-and-angular-js

14th
May 2015
Firoz Fazil
@ffazil
May 14 2015 10:28
Hi
In the Oauth2 version, if I need a rest endpoint in the authserver to add authorities or users, how should those endpoints be secured?
An access token is not required since there is no client in this case.
Dave Syer
@dsyer
May 14 2015 10:34
Entirely up to you then
I would use a token
But there's no rule
The cloud foundry UAA (for example) does it with tokens (https://github.com/cloudfoundry/uaa)
It's just a Spring Security configuration though, so you can do it however you please
Firoz Fazil
@ffazil
May 14 2015 10:35
So I need a client to administer authserver?
Dave Syer
@dsyer
May 14 2015 14:11
I didn't say that did I?
I said it's up to you
Firoz Fazil
@ffazil
May 14 2015 14:15
I meant the best practice is to have one. Checked out the uaa code as well.
Thanks.