stacktrace2234

Reputation: 1500

What is the difference between "security.oauth2.resource" and "security.oauth2.client"?

I created a Spring Boot app and am using OAuth2 for authentication. I found this tutorial; it works, but I am not sure what the mentioned properties are used for.

https://medium.com/@bcarunmail/securing-rest-api-using-keycloak-and-spring-oauth2-6ddf3a1efcc2

And here is my properties file:

rest.security.issuer-uri=http://localhost:8180/auth/realms/dev

# Resource-server side: how THIS app validates the access tokens it receives
# (the token's "aud" claim is checked against this id)
security.oauth2.resource.id=employee-service
# Keycloak token introspection endpoint (remote validation)
security.oauth2.resource.token-info-uri=${rest.security.issuer-uri}/protocol/openid-connect/token/introspect
# Keycloak userinfo endpoint (used to build the principal from an opaque token)
security.oauth2.resource.user-info-uri=${rest.security.issuer-uri}/protocol/openid-connect/userinfo
# Realm public key: lets the app verify JWT signatures locally (Keycloak's private key never leaves Keycloak)
security.oauth2.resource.jwt.key-value=-----BEGIN PUBLIC KEY-----MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLXaZjNl+vVB58mjJUkNH4noJieFAWn8ny+ONkqD4Y/EDrx+6pEZynZjNxNcOylI9KU2YqiFVzbVJLsQ35+qWaxO1f0w3XLTnzZ78mV1fLRK8oOX5IpLdQip+VuuUvcwGGs9UfnCEhLc/Tq+AuRxuvT3xIBHAMG/P1ZlhAww9A6hqyYiLy5YBrrZQeFCqYKT/hCpoebeR8M0/iAjOaJ7+qV44Mp6xtYN0f8Xk5jy2k4fbXBgr/1yqsUDJjJuOeJDSRSPwu18NeR70ldbB0lLcpW15d7GTkGLTCTDUia9JbxRuI7tXX93md3LxEpJq224qKxiPTY/7cyxx/AKbEEnywIDAQAB-----END PUBLIC KEY-----

# Client side: how THIS app obtains a token of its own when it calls other services
security.oauth2.client.client-id=employee-service
security.oauth2.client.client-secret=b0ea9376-778a-4dc9-b400-90118f32958c
# Authorization endpoint (only used by browser-redirect grants such as authorization_code)
security.oauth2.client.user-authorization-uri=${rest.security.issuer-uri}/protocol/openid-connect/auth
# Token endpoint: where the client exchanges its credentials for an access token
security.oauth2.client.access-token-uri=${rest.security.issuer-uri}/protocol/openid-connect/token
security.oauth2.client.scope=openid
# client_credentials: the app authenticates as itself with client-id/secret, no user involved
security.oauth2.client.grant-type=client_credentials

(Don't worry about the secret; this Keycloak runs on my localhost just for testing purposes.)

What is the "client" used for?

And what is the "resource" used for?

Thanks in advance.

Upvotes: 8

Views: 8721

Answers (1)

Amit

Reputation: 703

OAuth 2 is an authorization method to provide access to protected resources over the HTTP protocol. OAuth defines four roles –

  • Resource Owner – the user of the application.
  • Client – the application (which the user is using) that requires access to user data on the resource server.
  • Resource Server – stores the user's data and the HTTP services that return user data to authenticated clients.
  • Authorization Server – responsible for authenticating the user's identity and issuing an authorization token. This token is accepted by the resource server to validate your identity.

The properties/configuration listed above are the parameters that define/list these entities together.

Upvotes: 8
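As an added example (not code from the original post, the answer, or the linked tutorial), the following Spring configuration shows which half of the properties file each OAuth2 role consumes: the `security.oauth2.resource.*` group is read by the resource-server half of the app, which validates tokens it receives, and the `security.oauth2.client.*` group is read by the client half, which obtains a token of its own before calling another service. It assumes the legacy spring-security-oauth2 stack with Spring Boot auto-configuration that these property names belong to; the package name, the `/employees/**` path and the bean names are hypothetical. Boot already wires the resource-server half automatically when `security.oauth2.resource.jwt.key-value` is set; it is spelled out here to make the mapping visible.

```java
// Added example, not from the original post or the linked tutorial.
// Assumes spring-security-oauth2 + Spring Boot OAuth2 auto-configuration.
package com.example.employee; // hypothetical package

import java.util.Collections;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

@Configuration
@EnableResourceServer
public class OAuth2RolesConfig extends ResourceServerConfigurerAdapter {

    // Bound by Spring Boot from security.oauth2.resource.* (id, token-info-uri, jwt.key-value, ...)
    private final ResourceServerProperties resource;

    public OAuth2RolesConfig(ResourceServerProperties resource) {
        this.resource = resource;
    }

    // ---- Resource Server role: this app protects /employees/** and checks incoming tokens ----

    @Bean
    public TokenStore tokenStore() throws Exception {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        // security.oauth2.resource.jwt.key-value: the realm's RSA public key.
        // Only signatures are verified here; nothing is sent back to Keycloak per request.
        converter.setVerifierKey(resource.getJwt().getKeyValue());
        converter.afterPropertiesSet(); // parses the PEM key and fails fast if it is malformed
        return new JwtTokenStore(converter);
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        // security.oauth2.resource.id: the token's "aud" claim must contain this value,
        // otherwise the request is rejected even if the signature is valid.
        resources.resourceId(resource.getResourceId()).tokenStore(tokenStore());
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/employees/**").authenticated() // hypothetical protected path
            .anyRequest().permitAll();
    }

    // ---- Client role: this app calls ANOTHER service and must first get a token of its own ----

    @Bean
    public OAuth2RestTemplate serviceClient(
            @Value("${security.oauth2.client.client-id}") String clientId,
            @Value("${security.oauth2.client.client-secret}") String clientSecret,
            @Value("${security.oauth2.client.access-token-uri}") String tokenUri,
            @Value("${security.oauth2.client.scope}") String scope) {
        // grant-type=client_credentials: no user is involved; the app authenticates as itself.
        // user-authorization-uri is not used by this grant (only by redirect-based grants).
        ClientCredentialsResourceDetails details = new ClientCredentialsResourceDetails();
        details.setClientId(clientId);
        details.setClientSecret(clientSecret);
        details.setAccessTokenUri(tokenUri); // Keycloak token endpoint
        details.setScope(Collections.singletonList(scope));
        // The template fetches (and caches) an access token from tokenUri before each call
        // and sends it as "Authorization: Bearer ..." to the downstream service.
        return new OAuth2RestTemplate(details);
    }
}
```

Two things practitioners trip over here. First, the same client-id and client-secret appear in both groups because Spring Boot's auto-configuration reuses them as the credentials for calling `token-info-uri` (token introspection) when no JWT key is configured; once `jwt.key-value` is set, tokens are verified locally with the public key and the introspection endpoint is not called, so the resource-server half then needs nothing from the client group. Second, `security.oauth2.resource.id` is compared against the token's `aud` claim; by default Keycloak does not put the client id into `aud`, so without an audience mapper on the Keycloak client every request to the resource server fails even though the signature checks out.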
