12 How does OAuth 2 work?

 

This chapter covers

  • An overview of OAuth 2

  • An introduction to implementing the OAuth 2 specification

  • Building an OAuth 2 app that uses single sign-on

If you already work with OAuth 2, I know what you’re thinking: the OAuth 2 framework is a vast subject that could take an entire book to cover. And I can’t argue with that, but in four chapters, you’ll learn everything you need to know about applying OAuth 2 with Spring Security. We’ll start this chapter with an overview, where you’ll discover that the main actors in the OAuth 2 framework are the user, the client, the resource server, and the authorization server. After the general introduction, you’ll learn how to use Spring Security to implement the client. Then, in chapters 13 through 15, we’ll discuss implementing the last two components: the resource server and the authorization server. I’ll give you examples and apps you can adapt to any of your real-world scenarios.

To reach this goal, in this chapter, we’ll discuss what OAuth 2 is, and then we’ll apply it to an application focused on authentication with single sign-on (SSO). The reason why I like teaching this subject with the example of an SSO is that it’s very simple but also very useful. It provides an overview of OAuth 2, and it gives you the satisfaction of implementing a fully working application without writing too much code.

12.1 The OAuth 2 framework

12.2 The components of the OAuth 2 authentication architecture

12.3 Implementation choices with OAuth 2

12.3.1 Implementing the authorization code grant type

12.3.2 Implementing the password grant type

12.3.3 Implementing the client credentials grant type

12.3.4 Using refresh tokens to obtain new access tokens

12.4 The sins of OAuth 2

12.5 Implementing a simple single sign-on application

12.5.1 Managing the authorization server

12.5.2 Starting the implementation

12.5.3 Implementing ClientRegistration

12.5.4 Implementing ClientRegistrationRepository

12.5.5 The pure magic of Spring Boot configuration

12.5.6 Obtaining details about an authenticated user

12.5.7 Testing the application

Summary

sitemap