This chapter covers
- Implementing an OAuth 2 login
- Implementing a Spring Security OAuth 2 client
- Using the client credentials grant type
Often, backend applications need to communicate with each other, especially in systems composed of multiple services. When such a system already builds its authentication and authorization on OAuth 2, it is recommended that calls between the apps be authenticated the same way. Developers sometimes use HTTP Basic or API key authentication (chapter 6) for simplicity, but to keep the system consistent and more secure, the OAuth 2 client credentials grant type is the preferred option.
Remember the OAuth 2 actors (figure 16.1)? We discussed the authorization server in chapter 14 and the resource server in chapter 15. This chapter is dedicated to the client. We’ll discuss how to use Spring Security to implement an OAuth 2 client and when and how a backend app becomes a client in an OAuth 2 system.
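To make the backend-to-backend case concrete, here is an added example (not code from the book) of a Spring Security OAuth 2 client that uses the client credentials grant to call another service. The registration id `backend-client`, the token URI, the resource URL, the scope `read`, and the `ProxyService` class are all assumptions; the client secret is a placeholder that in practice comes from a secrets store, never from source code.

```java
// Added example: a Spring Security OAuth 2 client using the client credentials
// grant for service-to-service calls. All names, URIs and the secret placeholder
// are assumptions, not values from the book.
package com.example.client;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.ResponseEntity;
import org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.stereotype.Service;
import org.springframework.web.client.RestTemplate;

@Configuration
class OAuth2ClientConfig {

  // One client registration: which authorization server to ask, how the client
  // authenticates itself, and that it uses the client credentials grant.
  @Bean
  ClientRegistrationRepository clientRegistrationRepository() {
    ClientRegistration registration = ClientRegistration
        .withRegistrationId("backend-client")                 // assumed id
        .clientId("backend-client")
        .clientSecret("<client-secret-from-secret-store>")     // placeholder
        .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
        .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
        .tokenUri("http://localhost:8080/oauth2/token")        // assumed URI
        .scope("read")                                         // assumed scope
        .build();
    return new InMemoryClientRegistrationRepository(registration);
  }

  // Caches the obtained access token so a new token request is made only
  // when no valid token is held.
  @Bean
  OAuth2AuthorizedClientService authorizedClientService(ClientRegistrationRepository repo) {
    return new InMemoryOAuth2AuthorizedClientService(repo);
  }

  // The manager performs the token request with the client credentials provider.
  @Bean
  OAuth2AuthorizedClientManager authorizedClientManager(
      ClientRegistrationRepository repo, OAuth2AuthorizedClientService service) {
    OAuth2AuthorizedClientProvider provider = OAuth2AuthorizedClientProviderBuilder.builder()
        .clientCredentials()
        .build();
    AuthorizedClientServiceOAuth2AuthorizedClientManager manager =
        new AuthorizedClientServiceOAuth2AuthorizedClientManager(repo, service);
    manager.setAuthorizedClientProvider(provider);
    return manager;
  }
}

@Service
class ProxyService {

  private final OAuth2AuthorizedClientManager manager;
  private final RestTemplate rest = new RestTemplate();

  ProxyService(OAuth2AuthorizedClientManager manager) {
    this.manager = manager;
  }

  // Obtains an access token for this service (no end user is involved, so the
  // principal is only a label for the calling app) and sends it as a bearer
  // token to the resource server.
  public String callResourceServer() {
    OAuth2AuthorizeRequest request = OAuth2AuthorizeRequest
        .withClientRegistrationId("backend-client")
        .principal("backend-service")                          // assumed label
        .build();
    OAuth2AuthorizedClient client = manager.authorize(request);
    if (client == null) {
      throw new IllegalStateException("could not obtain an access token");
    }
    HttpHeaders headers = new HttpHeaders();
    headers.setBearerAuth(client.getAccessToken().getTokenValue());
    ResponseEntity<String> response = rest.exchange(
        "http://localhost:9090/hello",                         // assumed resource URL
        HttpMethod.GET, new HttpEntity<>(headers), String.class);
    return response.getBody();
  }
}
```

The security-relevant point is the division of trust: the client authenticates to the authorization server with its own credentials and receives a short-lived, scoped token; the resource server then validates that token (chapter 15) rather than trusting a shared API key. Because the token carries only the scope granted to this client, a compromised service cannot act beyond what the authorization server issued it, which is the consistency and least-privilege benefit the paragraph above refers to.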