13 What are OAuth 2 and OpenID Connect?

This chapter covers

  • The purpose of access tokens
  • How tokens are issued and validated in an OAuth 2 system
  • The roles involved in an OAuth 2/OpenID Connect system

Suppose you work for a large organization and use several tools in your daily work. You use bug tracker apps, apps for documenting your work, apps for registering your time, and so on. In each one, you need to authenticate before you can work with it. Would you use a different set of credentials for each of these apps? Doing so could work, of course, but this approach would be cumbersome for the user (you), and it would also complicate the apps themselves beyond their actual purpose.

For you, the complexity comes from the fact that you’d have to remember the credentials ...
