serdar

Reputation: 984

Custom Manual Oauth2 Authentication at RESTful Service

I am developing some RESTful services for our mobile app using Spring Boot. I successfully implemented OAuth2 authentication with our registration using username and password. Users can authenticate by using username and password. Also, our client wants to be authenticated with their custom token. They have a web service that you send a token to, and the response is true or false.

My first thought was that I can write a service like /custom-login that accepts the custom token. In my service I can check this token with the external service and, if it is valid, call OAuth2 authentication and return the OAuth2 authentication response.

How can I implement custom OAuth2 authentication?

Upvotes: 0

Views: 401

Answers (1)

Ramesh Lingappa

Reputation: 2488

The OAuth 2.0 spec allows for custom grant types.

So your auth server can create a custom grant type.

For example, let's assume you wanted to authenticate with Google using a Google access token, so you will create a new grant_type called google_token.

So now, when your users want to authenticate using a Google access token, they will pass something like:

grant_type=google_token&client_id=clientId&client_secret=secret&google_token=google-access-token

Then your auth server can verify the access token with Google, optionally verify the client it was issued to, etc., and once verified, it can return your own access token.

This applies to third-party auth servers, so you can create a number of custom grant types.

Upvotes: 1
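
The token-endpoint flow described in the answer, as an added example in plain Java (not code from the question, the answer, or Spring): the client is authenticated first, the external token is checked, and only then is a locally generated access token returned. The `CustomGrantEndpoint`, `Client` and `Response` types, the in-memory client map and the `verifier` predicate standing in for the third-party check are all assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;
import java.util.function.Predicate;

// verifier stands in for the call to the third-party token-check service (hypothetical).
public record CustomGrantEndpoint(Map<String, Client> clients, Predicate<String> verifier) {
    // Hypothetical registered client: its secret and the grant types it may use.
    record Client(String secret, Set<String> grants) {}
    record Response(int status, String body) {} // HTTP status and JSON body
    static final String GRANT = "google_token"; // grant type name used in the answer

    Response token(Map<String, String> form) {
        if (!GRANT.equals(form.get("grant_type"))) return error(400, "unsupported_grant_type");
        // Authenticate the client before touching the external token (constant-time compare).
        Client c = clients.get(form.getOrDefault("client_id", ""));
        byte[] given = form.getOrDefault("client_secret", "").getBytes(StandardCharsets.UTF_8);
        if (c == null || !MessageDigest.isEqual(c.secret().getBytes(StandardCharsets.UTF_8), given))
            return error(401, "invalid_client");
        if (!c.grants().contains(GRANT)) return error(400, "unauthorized_client");
        String external = form.get("google_token");
        if (external == null || external.isBlank()) return error(400, "invalid_request");
        boolean valid;
        try { valid = verifier.test(external); }
        catch (RuntimeException e) { valid = false; } // fail closed on verifier errors
        if (!valid) return error(400, "invalid_grant");
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw); // issue our own opaque token, never echo the external one
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        return new Response(200,
            "{\"access_token\":\"" + token + "\",\"token_type\":\"Bearer\",\"expires_in\":3600}");
    }

    static Response error(int status, String code) {
        return new Response(status, "{\"error\":\"" + code + "\"}");
    }

    public static void main(String[] args) {
        // Constructed demo data: one client and a verifier that accepts a single value.
        var ep = new CustomGrantEndpoint(Map.of("clientId", new Client("secret", Set.of(GRANT))),
            "google-access-token"::equals);
        Map<String, String> ok = Map.of("grant_type", GRANT, "client_id", "clientId",
            "client_secret", "secret", "google_token", "google-access-token");
        Map<String, String> forged = new HashMap<>(ok);
        forged.put("google_token", "forged");
        System.out.println(ep.token(ok).status() + " " + ep.token(forged).body());
    }
}
```

Running `main` prints `200 {"error":"invalid_grant"}`: the first request succeeds and the request carrying the rejected external token gets the RFC 6749 `invalid_grant` error.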
