Configure OAuth Core Authentication
37.1.1. Authenticating with OAuth OAuth authentication is the process in which Users grant access to their Protected Resources without sharing their credentials with the Consumer. OAuth Authentication is done in three steps: The Consumer obtains an unauthorized Request Token. This part is handled by RESTEasy. The User authorizes the Request Token. This part is not handled by RESTEasy because it requires a user interface where the User logs in and authorizes or denies the Request Token. This cannot be implemented automatically as it needs to be integrated with your User login process and user interface. The Consumer exchanges the Request Token for an Access Token. This part is handled by RESTEasy. In order for RESTEasy to provide the two URL endpoints where the Client will request unauthorized Request Tokens and exchange authorized Request Tokens for Access Tokens, you need to enable the OAuthServlet in your web.xml: OAuth org.jboss.RESTEasy.auth.oauth.OAuthServlet OAuth /oauth/*