With our endpoints now secured, we need a way for the clients to request authorization. To do that, we'll expose a new endpoint, unsecured, of course, as follows:

 @POST @Path("authorize") @Consumes(MediaType.TEXT_PLAIN) public Response getAuthorization(String clientCode) { if (clientCode != null && clientCode.equals(deskDroidService.code)) { String jwt = Jwts.builder() .setSubject("DeskDroid") .signWith(SignatureAlgorithm.HS512, KeyGenerator.getKey( deskDroidService.getApplicationContext())) .compact(); LocalBroadcastManager.getInstance( deskDroidService.getApplicationContext()) .sendBroadcast(new Intent( DeskDroidService.CODE_ACCEPTED)); return Response.ok(jwt).build(); } return Response.status(Response.Status.UNAUTHORIZED).build(); ...