14 Implementing an OAuth 2 authorization server
This chapter covers
- Implementing a Spring Security OAuth 2 authorization server
- Using the authorization code and client credentials grant types
- Configuring opaque and non-opaque access tokens
- Using token revocation and introspection
Chapter 13 covered OAuth 2 and OpenID Connect. We discussed the actors that play a role in a system where authentication and authorization are based on the OAuth 2 specification. The authorization server was one of these actors. Its role is to authenticate a user and the app they use (the client), and to issue tokens that serve as proof of authentication for accessing resources protected by a backend. Sometimes, the client accesses those resources on behalf of a user.
The Spring ...