14 OAuth 2: Implementing the resource server


This chapter covers

  • Implementing an OAuth 2 resource server

  • Implementing token validation

  • Customizing token management

In this chapter, we’ll discuss implementing a resource server with Spring Security. The resource server is the component that manages user resources. The name resource server might not be suggestive to begin with, but in terms of OAuth 2, it represents the backend you secure, just like any other app we secured in the previous chapters. Remember, for example, the business logic server we implemented in chapter 11? To allow a client to access the resources, the resource server requires a valid access token. A client obtains an access token from the authorization server and uses it to request resources from the resource server by adding the token to the HTTP request headers. Figure 14.1 provides a refresher from chapter 12, showing the place of the resource server in the OAuth 2 authentication architecture.

Figure 14.1 The resource server is one of the components acting in the OAuth 2 architecture. The resource server manages user data. To call an endpoint on the resource server, a client needs to prove with a valid access token that the user approves it to work with their data.

14.1 Implementing a resource server

14.2 Checking the token remotely

14.3 Implementing blackboarding with a JdbcTokenStore

14.4 A short comparison of approaches

Summary
