OAuth2 Boot


Table of Contents

1. Authorization Server
1.1. Do I Need to Stand Up My Own Authorization Server?
1.2. Dependencies
1.3. Minimal OAuth2 Boot Configuration
1.3.1. Enabling the Authorization Server
1.3.2. Specifying a Client and Secret
1.3.3. Retrieving a Token
1.4. How to Switch Off OAuth2 Boot’s Auto Configuration
1.5. How to Make Authorization Code Grant Flow Work
1.5.1. Adding End Users
1.5.2. Adding an End-User Login Flow
1.5.3. Registering a Redirect URI With the Client
1.5.4. Testing Authorization Code Flow
1.6. How to Make Password Grant Flow Work
1.7. How and When to Give Authorization Server an AuthenticationManager
1.7.1. Exposing a UserDetailsService
1.7.2. Exposing an AuthenticationManager
1.7.3. Depending on AuthenticationConfiguration
1.7.4. Manually Wiring An AuthenticationManager
1.8. Is Authorization Server Compatible with Spring Security 5.1 Resource Server and Client?
1.8.1. Configuring Authorization Server to Use JWKs
1.8.2. Add a JWK Set URI Endpoint
1.8.3. Testing Against Spring Security 5.1 Resource Server
2. Resource Server
2.1. Dependencies
2.2. Minimal OAuth2 Boot Configuration
2.2.1. Enabling the Resource Server
2.2.2. Specifying a Token Verification Strategy
JWT
Opaque
2.2.3. Accessing a Resource
2.3. How to Use JWT with a Single Key
2.4. How to Configure the Token Info Endpoint
2.5. How to Configure the User Info Endpoint
2.5.1. Customizing the User Info Request
2.6. Customizing Authorization Rules
2.7. Less Common Features
2.7.1. Changing the Token Type
2.7.2. Changing the Filter Order
2.7.3. Permitting the /error Endpoint
3. Client
4. Single Sign On
A. Common Application Properties