How can we implement authorization server using the latest spring-security-oauth2 jars with Spring 5.0?

Question

I am using spring-security-oauth2 jars from below location with Spring security 5.0: http://repo.spring.io/release/org/springframework/security/

The jars available there are: spring-security-oauth2-core, spring-security-oauth2-client, spring-security-oauth2-jose, spring-security-oauth2-resource-server

I need to implement authorization server.

Earlier, I was using spring-security-oauth2 jar from the below location: http://repo.spring.io/release/org/springframework/security/oauth/spring-security-oauth2/2.0.9.RELEASE/

In the current version, various interfaces like TokenStore, ClientDetailsService, ClientRegistrationService are missing which were available earlier in oauth2 2.0.9.RELEASE.

Is there a way to implement the same using the latest spring-security-oauth2-core/client/jose/resource-server jars with spring security 5.0?

Thanks,

Answer 1

It is possible to create authorization server using this spring-security-oauth2-boot shim jar until such time that spring security 5 rewrites this.

Answer 2

Unfortunately, as of the latest version (5.1.5), there's no native support for creating your own authorization server as there was with Spring Security OAuth, which had the handy @EnableAuthorizationServer and related support classes.

However, the good news is that it'll soon be supported by Spring Security 5:

The plan is to also provide support for Resource Server by mid-2018 and Authorization Server by the end of 2018 or early 2019.

Apparently it'll be later in 2019 than expected.