chapter eleven

11 OAuth 2 – Implementing the authorization server
This chapter covers

  • Implementing an OAuth 2 authorization server.
  • Managing clients for the authorization server.
  • Using the OAuth 2 grant types.

In this chapter, we discuss implementing an authorization server with Spring Security. As you learned in chapter 10, the authorization server is one of the components of the OAuth 2 architecture (figure 11.1). Its role is to authenticate the user and issue a token to the client. The client then presents this token to access resources exposed by the resource server on behalf of the user.

Also in chapter 10, you learned that the OAuth 2 framework defines multiple flows for obtaining the token. We call these flows “grants.” You choose among them according to your scenario, and the behavior of the authorization server differs depending on the grant chosen. In this chapter, you’ll learn how to configure an authorization server with Spring Security for the most common OAuth 2 grants:

  • Authorization code grant
  • Password grant
  • Client credentials grant

11.1 Writing your own authorization server implementation

11.2 Defining user management

11.3 Registering clients with the authorization server

11.4 Using the password grant

11.5 Using the authorization code grant

11.6 Using the client credentials grant

11.7 Using the refresh token grant

11.8 Summary