Download files in Javascript with OAuth2

Question

I\'m developing an single-page with Javascript+AngularJS on the client side and Spring MVC + Spring Security OAuth2 on the server side. Spring MVC acts as a REST controller

Answer 1

I would go with cookies if I were you - it takes all the hassle out of it. I wrote some blogs recently to show how easy it is (e.g. https://spring.io/blog/2015/01/20/the-resource-server-angular-js-and-spring-security-part-iii). People get too hung up on "stateless" applications.

Answer 2

Turns out it's very easy to to in spring-security-oauth2 2.0.7.RELEASE:

Simply pass the access token as the access_token request parameter:

window.open("service/export?access_token=" + access_token);

Now, this will appear with the access token in plaintext in the download history, so for proper security a "logout" option should be properly implemented, or the download will have to be done as a "form post".