[Jersey] Re: OAuth 2 + Jersey Example

From: algermissen1971 <>
Date: Fri, 09 Aug 2013 22:39:22 +0200

On 09.08.2013, at 22:26, Nick Khamis <> wrote:

> Hello Jan,
> Is implementing the OAuth 1 spec easier in that case?

Well, it depends. OAuth1 has madatory signatures (Oauth 2 does not - which is one of it's flaws, IMHO). Signatures are kind of hard to get right and AFAIU the OAuth 1 way of doing it isn't too dev friendly.

OAuth puts all security bets in one basket: TLS - and you probably know how secure that is from a user (ignore warning window) or dev (ignore those darn certificate exceptions) perspective.

Depends what your goal is, actually. Maybe you can share details.

If you asked me personally, Id recommend any time: Hands off of OAuth 2 :-)


> The reason I ask
> is because the OAuth* implementation has been removed from the jersey
> 2.0 bundle.
> Kind Regards,
> Nick.