12 How does OAuth 2 work?

 

This chapter covers

  • What OAuth 2 is
  • An introduction to implementing the OAuth 2 framework with Spring Security
  • Developing an application that uses single sign-on (SSO) with OAuth 2

If you’re already working with OAuth 2, I know what you’re thinking: the OAuth 2 framework is a vast subject that could take an entire book to cover. I can’t argue with this, but in four chapters, you’ll learn everything you need to know about applying OAuth 2 with Spring Security. We start in this chapter with an overview, where you’ll discover that the main actors in the OAuth 2 framework are the user, the Client, the resource server, and the authorization server. After the general introduction, you’ll learn how to use Spring Security to implement the Client. Then, in chapters 13 to 15, we discuss implementing the last two components: the resource server and the authorization server. I’ll give you examples and apps you can adapt to any of your real-world scenarios.

To reach this goal, in this chapter, we discuss what OAuth 2 is, and then we apply it within an application focused on authentication with single sign-on (SSO). I like to start teaching this subject with the SSO example because it’s very simple but also very useful: it gives you an overview of OAuth 2, and it gives you the satisfaction of implementing a fully working application without writing too much code.

12.1  The OAuth 2 framework

 

12.2  The components of the OAuth 2 authentication architecture

 
 

12.3  Implementation choices with OAuth 2

 
 
 

12.3.1    Implementing the authorization code grant type

 

12.3.2    Implementing the password grant type

 
 

12.3.3    Implementing the client credentials grant type

 
 

12.3.4    Using refresh tokens to obtain new access tokens

 
 

12.4  The sins of OAuth 2

 
 

12.5  Implementing a simple Single Sign-On application

 
 
 
 

12.5.1    Managing the authorization server

 
 
 
 

12.5.2    Starting the implementation

 
 
 
 

12.5.3    Implementing the ClientRegistration

 
 
 

12.5.4    Implementing a ClientRegistrationRepository

 
 
 
 

12.5.5    The pure magic of the Spring Boot configuration

 
 
 

12.5.6    Obtaining details about the authenticated user

 
 
 
 

12.5.7    Testing the application

 
 
 

12.6  Summary

 
 
 
 