OAuth2 Boot

Table of Contents

1. Authorization Server

1.1. Do I Need to Stand Up My Own Authorization Server?

1.2. Dependencies

1.3. Minimal OAuth2 Boot Configuration

1.3.1. Enabling the Authorization Server

1.3.2. Specifying a Client and Secret

1.3.3. Retrieving a Token

1.4. How to Switch Off OAuth2 Boot’s Auto Configuration

1.5. How to Make Authorization Code Grant Flow Work

1.5.1. Adding End Users

1.5.2. Adding an End-User Login Flow

1.5.3. Registering a Redirect URI With the Client

1.5.4. Testing Authorization Code Flow

1.6. How to Make Password Grant Flow Work

1.7. How and When to Give Authorization Server an AuthenticationManager

1.7.1. Exposing a UserDetailsService

1.7.2. Exposing an AuthenticationManager

1.7.3. Depending on AuthenticationConfiguration

1.7.4. Manually Wiring An AuthenticationManager

1.8. Is Authorization Server Compatible with Spring Security 5.1 Resource Server and Client?

1.8.1. Configuring Authorization Server to Use JWKs

1.8.2. Add a JWK Set URI Endpoint

1.8.3. Testing Against Spring Security 5.1 Resource Server

2. Resource Server

2.1. Token Type in User Info

2.2. Customizing the User Info RestTemplate

3. Client

4. Single Sign On

A. Common Application Properties