I am developing an application with Play 2.0 and Scala that exposes some REST API. These APIs will be used by different applications, web, mobile or desktop, so the OAuth protocol (OAuth2) seems the most suitable.
Also I would initially use an external OAuth Provider such as Facebook.
My question is: what is the exact flow to authorize the individual REST call? What should I expect on the server side for each call and what I should check with the external provider?
With OAuth1 I knew that the client sent the token with all the signed request, but with Oauth2 I think not so, I imagine that if a token is not signed is not trusted and therefore I do not think this is the flow.
question from:https://stackoverflow.com/questions/11373843/securing-rest-api-on-play-framework-and-oauth2
