Spring 5 + OAuth2 Stack

In a previous tutorial we had seen how OAuth has evolved to authorize websites/apps like Yelp to access protected resources like our email contacts without sharing of passwords. In this tutorial we will be looking at the Spring 5 OAuth Stack.

What is Spring OAuth Project

Almost a decade ago, Spring brought in a community-driven, open-source project, Spring Security OAuth, and made it part of the Spring portfolio of projects. Since its inception, it has evolved into a mature project that supports a large portion of the OAuth specification, including resource servers, clients, login, and the authorization server.

Before Spring 5 OAuth Stack

Prior version of Spring OAuth Stack provided the following -

1. Spring Client Support
2. Spring Resource Server
3. Spring Authorization Server

The prior versions of Spring Security OAuth Project have been deprecated. Patch and security fixes for 2.4x will be provided till May (2024) and 2.5x will be provided till May (2024).

Spring 5 OAuth Stack

Spring 5 OAuth currently only provides -

1. Spring Client Support
2. Resource Server

However Authorization Server is still in development stage and has not been released for production use.

More details can be found at the Spring OAuth Discussion Page on Stackoverflow.

Spring 5 OAuth Stack for this tutorial

As Spring 5 OAuth currently only provides Client Support and Resource Server and not Authorization Server we will be making use of Keycloak Server as the Authorization Server