Spring Security & OAuth 2.0 - In-Depth

Contents

00 Introduction

  1.    The confusing OAuth 2.0 world
  2.    What is OAuth 2.0
  3.    Changelog

01 OAuth 2.0 - Fundamentals

  1.    Meet: Resources, Owners & Clients
  2.    Meet: Authorization Servers
  3.    The Access Token OAuth 2.0 Dance
  4.    Side-Note: Single Page JavaScript & Native Apps
  5.    How does the PKCE protocol work?
  6.    The SPA & Native App Callback Problem
  7.    Side-Note: Other OAuth2 flows
  8.    How does the protected resource verify access tokens?
  9.    OpenID - The OAuth 2.0 Social Login Dance

02 Spring Security & OAuth 2.0: Overview

  1.    A version history

03 Spring Security & OAuth 2.0 Authorization Servers

04 Spring Security & OAuth 2.0 Resource Servers

  1.    What dependencies do I need to get started with Spring Security and OAuth 2.0 Resource Servers?
  2.    How do I configure the Resource Server support?
  3.    What does my resource server code look like?
  4.    Where can I find out more about Resource Server?

05 Spring Security & OAuth 2.0 Clients

  1.    What dependencies do I need to get started with Spring Security and OAuth 2.0 Clients?
  2.    How do I configure the client support to get a fully configured OAuth 2.0 rest client?
  3.    How do I use the OAuth 2.0 WebClient?
  4.    How do I protect my application with OAuth 2.0 logins?
  5.    How does Spring represent a successful OAuth2Login? Is there a specific user/principal class?
  6.    How do I protect my controllers and services with these authorities?
  7.    How can I access the OAuth2User in my code?
  8.    How to make a local copy of the OAuth2User

06 FAQ

  1.    Can a resource server simultaneously be a client?
  2.    Your Question

07 Fin

  1.    Outro
  2.    What’s missing in this article
  3.    Full Source Code
  4.    Acknowledgments