I'm naive about OAuth2 and trying to secure REST services. We have an environment where we developed the client and the server ourselves. The client is deployed on an Nginx server and was created using HTML, CSS and JavaScript. In JavaScript, we use AJAX to make POST requests to the REST web service. The REST service is deployed on a Tomcat server.
It's a web application where the user can log in by providing his credentials (AJAX calls the /login web service and gets a response). Now, to implement OAuth2, I read about it and found that the type of client determines which OAuth grant to use. In this scenario, the client seems to be public, and the Implicit Grant type or Resource Owner Password Credentials seems an acceptable type. I need suggestions about which grant type to choose for this scenario.
Also, what would be the workflow of OAuth2 in this scenario, and when will it come into play? Currently, when the user clicks on login or register, a REST service gets executed accordingly. Now, should there be a service which gets called on page load and issues an access token, or should that be merged with the login service?
Referred to The OAuth 2.0 Authorization Framework