Puneet Pandey

Reputation: 960

OAuth2 with Spring MVC rest APIs

I am aiming to secure my REST APIs with a custom OAuth authorization server of my own (NOT Google, Facebook, etc.) using the Resource Owner Password Credentials Grant. The user would pass the credentials over SSL and would get back the access token and refresh token. I followed this tutorial: http://www.beingjavaguys.com/2014/10/spring-security-oauth2-integration.html

However, I have a few questions:

  1. Is it a good approach in the first place?
  2. User credentials in that tutorial are passed as query parameters. It's not the advisable approach. How can I make it a POST request?
  3. I want to store credential information in a database and implement custom authentication by validating the username/password from the DB (as opposed to the approach in the above tutorial, in which the credentials are stored in a file).

Please provide your insight. Thanks!

Upvotes: 1

Views: 5980

Answers (1)

Pratik Shah

Reputation: 1852

1) IMHO, I think you should use the Authorization grant instead of the resource owner password grant. It does the same and is more secure than the resource owner password grant.

2) I think you can follow this tutorial to make authentication from DB.

Upvotes: 2
