Spring Security & OAuth 2.0 - In Depth - header image

Spring Security & OAuth 2.0 - In Depth

Last updated on July 28, 2020 -

Who the hell am I?

I'm @MarcoBehler and I share everything I know about making awesome software through my guides, screencasts, talks and courses.

Follow me on Twitter to find out what I'm currently working on.

This article is going to cover OAuth 2.0, as well as Spring Security’s OAuth 2.0 projects & modules, in-depth.

As with all other articles on this site, this is not going to be a "5 easy steps to integrate Spring Security and Oauth2", but rather a comprehensive "what, how and why" @ ~7,000-10,000 words.

The tentative release date is the first week of September.

Exclusive Early Access

This will be a premium article, only available to customers.

You can wait to buy the article until it is fully published, or support my writing and get exclusive access to it - while it is being written.

Note: The first parts of this article will be published on August 15th.

Meanwhile, you can follow me on Twitter to get regular updated on the writing process.

Get Early Access| $X

($X net plus $X VAT)

Rough Table of Contents

Here’s a high level overview of the contents. Send your feedback on what you’d like to see covered to marco@marcobehler.com.

  • An introduction to OAuth 2.0

    • What problem is it trying to solve?

    • The bad old days

    • The 3 players of the OAuth 2.0 game

    • Authorization Grant Flows

    • Tokens (Access & Refresh)

  • Spring Security & OAuth 2.0

    • A short history of Spring Security projects

    • Which version/project/modules to use

    • Caveats

  • Spring Security - Resource Server

    • What is a resource server?

    • Spring Resource Server project

    • How to protect resources

  • Spring Security - Authenticating with OAuth2

    • What does an Authorization Server do? How does it work?

    • OAuth2 clients In-Depth

    • Keycloak and Spring Authorization Server

    • Social Logins (GitHub, Facebook, Twitter)

    • WebClient integration

  • Spring & JWT

    • What do you need JWT for? What is JOSE? How are JWTs structured?

    • What libraries to use with JWT? Spring Security JWT Support

    • Spring Security & JWT/JOSE