Search Tutorials


Spring 5 + OAuth2 Stack | JavaInUse

Spring 5 + OAuth2 Stack


In a previous tutorial we had seen how OAuth has evolved to authorize websites/apps like Yelp to access protected resources like our email contacts without sharing of passwords. In this tutorial we will be looking at the Spring 5 OAuth Stack.

Video

This tutorial is explained in the below Youtube Video.

What is Spring OAuth Project

Almost a decade ago, Spring brought in a community-driven, open-source project, Spring Security OAuth, and made it part of the Spring portfolio of projects. Since its inception, it has evolved into a mature project that supports a large portion of the OAuth specification, including resource servers, clients, login, and the authorization server.

Before Spring 5 OAuth Stack

Prior version of Spring OAuth Stack provided the following -
  1. Spring Client Support
  2. Spring Resource Server
  3. Spring Authorization Server

OAuth2 OpenId Authentication
The prior versions of Spring Security OAuth Project have been deprecated. Patch and security fixes for 2.4x will be provided till May 2022 and 2.5x will be provided till May 2022.

Spring 5 OAuth Stack

Spring 5 OAuth currently only provides -
  1. Spring Client Support
  2. Resource Server
However Authorization Server is still in development stage and has not been released for production use.
OAuth2 OpenId Authentication
More details can be found at the Spring OAuth Discussion Page on Stackoverflow.

Spring 5 OAuth Stack for this tutorial

As Spring 5 OAuth currently only provides Client Support and Resource Server and not Authorization Server we will be making use of Keycloak Server as the Authorization Server
OAuth2 OpenId Authentication