I would like to share my notes on understanding how to set up Spring Security to implement OAuth2. My ultimate goal is to implement an authority provider (Authorization Server in OAuth2 terminology) to support multiple microservices. In this post, I will describe step by step how to set up Spring Security with OAuth2 and demonstrate how a web server client should interact with the OAuth2 servers.
OAuth2 consists of the following “roles”:
- User / Resource Owner – an entity capable of granting access to a protected resource.
- Resource Server – server hosting the protected resources, capable of accepting and responding to protected resource requests using access tokens
- Authorization Server – Server issuing access tokens to client after successfully authentication…