Is there a way to limit the origins that can log in via the oauth2 sso?
conteit opened this issue · comments
I'm looking at the oauth2 example and it fits the use case I have in mind for my application, but I'm wondering if it is possible to grant that only the ui webapp can log in to the system as client acme.
I'd like to provide different rights to different clients. But with the oauth2 SSO anyone can act like the "official" gui.
Only if they have the client secret. That's normally how you control access from clients. If that's not enough I guess you could add some more access rules using Spring Security.
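As an added illustration (not part of the original thread or the project's sample code), this is one way to give two clients different rights with the legacy spring-security-oauth2 annotations. The `reporting` client, the redirect URI, the environment variable names and the URL rules are assumptions made for the example; only the client id `acme` comes from the question.

```java
// Added example. Assumes the legacy spring-security-oauth2 library
// (@EnableAuthorizationServer / @EnableResourceServer) is on the classpath.
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

@Configuration
@EnableAuthorizationServer
class AuthServerConfig extends AuthorizationServerConfigurerAdapter {
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
            // The UI webapp: each client gets its own secret, kept out of source control.
            // With Spring Security 5+ the stored secret must match the configured PasswordEncoder.
            .withClient("acme")
                .secret(System.getenv("ACME_CLIENT_SECRET"))       // hypothetical variable name
                .authorizedGrantTypes("authorization_code", "refresh_token")
                // Authorization codes are only sent to a registered redirect URI.
                .redirectUris("https://ui.example.com/login")      // constructed value
                .scopes("read", "write")
            .and()
            // A second, hypothetical client that is only ever granted read access.
            .withClient("reporting")
                .secret(System.getenv("REPORTING_CLIENT_SECRET"))  // hypothetical variable name
                .authorizedGrantTypes("client_credentials")
                .scopes("read");
    }
}

@Configuration
@EnableResourceServer
class ResourceServerConfig extends ResourceServerConfigurerAdapter {
    @Override
    public void configure(HttpSecurity http) throws Exception {
        // Extra access rules in Spring Security: what a token may do depends on
        // the scopes its client was allowed to request above.
        http.authorizeRequests()
            .antMatchers(HttpMethod.GET, "/**").access("#oauth2.hasScope('read')")
            .anyRequest().access("#oauth2.hasScope('write')");
    }
}
```

A token issued to `reporting` can never carry the `write` scope, so any non-GET request made with it is rejected by the resource server.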