12 OAuth 2 – Implementing the resource server

 

This chapter covers

  • Implementing an OAuth 2 resource server with Spring Security.
  • Implementing token validation by direct communication between the resource server and the authorization server.
  • Using token stores to customize token management.
  • Implementing token validation through blackboarding.

In this chapter, we discuss implementing a resource server with Spring Security. The Resource Server is the component that manages users’ resources. To allow a client to access the resources, the Resource Server requires a valid access token. A client obtains the access token from the Authorization Server and can use this token to call resources on the Resource Server by adding it to the HTTP request headers. Figure 12.1 is a refresher from chapter 10 on the place of the Resource Server in the OAuth 2 authentication architecture.

Figure 12.1 The Resource Server is one of the components acting in the OAuth 2 authentication architecture. The Resource Server manages the users’ data. To call an endpoint on the Resource Server, a client needs to prove with a valid access token that the user approved them to work with their data.

12.1 Implementing a resource server

12.2 Checking the token remotely

12.3 Implementing blackboarding with a JdbcTokenStore

12.4 A short comparison of the approaches

12.5 Summary

 
 
 
 