Alex
Reputation: 1029
How to configure spring oauth?
I have 2 web applications:
- Resource Server (@EnableResourceServer)
- auth app (@EnableAuthorizationServer)
They are mapped to one database.
I would like to split database for 2: one for client app and the second one for tokens.
Question: How client app should be configured correctly with oauth?
My current flow:
- Resource Server get request with token
- spring security checks token in database
May be the best flow is to isolate auth app and database and flow should be something like this:
- Resource Server get request token
- and Resource Server makes a request to auth web app (OAuth Server) to verify token
- auth app (OAuth Server) spring security checks token in database
?
Let me know if I misunderstand any point about oauth. Thanks.
Upvotes: 0
Views: 240
Answers (1)
Dave Syer
Reputation: 58094
If you want use the auth server for checking tokens you need a RemoteTokenServices (or the equivalent). If the server is a Spring Oauth sever (using @EnableAuthorizationServer) there should be a /check_token endpoint.
N.B. It might be a good idea to read the spec and get the terminology straight (your "client app" is a "resource server".
Upvotes: 1
Related Questions
- Correctly configure spring security oauth2
- Authentication with Spring oAuth2.0
- Spring Oauth2 Authorization Server
- Spring Security Java Config
- Spring security oauth2 and form login configuration
- Spring Security OAuth Java Config
- configure Oauth2.0 using java and spring
- Configuring OAuth 2 in Java Spring Boot
- Spring security oauth 2 simple example
- Spring Security OAuth2 simple configuration