
I'm working on a server-side application, which would be a REST API. Users would post data from their own handmade clients via this API to our own system. I would document the format of the data, of course. But my question is: is it clever to implement the authentication with OAuth2, or am I better off just going the SSL + Basic Auth route? If so, why? I googled a ton of posts and guides about OAuth2, and if it's not the client side they are handling, it is the Spring Security combination, which I found rather hard to follow and questionable to implement since none of us in our company has used the Spring framework.

  • OAuth2 and Spring aren't connected at the hips. You don't need to pull in Spring just to use OAuth2. – Kayaman Nov 07 '17 at 14:05
  • But yet most of the users opt to use the Spring Security + OAuth2 combination instead of just implementing the OAuth2 method. Why? I couldn't find any decent example or tutorial where the case wouldn't be this. And as an addition, all the examples used a login UI, whereas I definitely don't want to use a UI to auth. – Santtu Heleä Nov 07 '17 at 14:07
  • Spring is a popular framework. If you're already using Spring, you're obviously going to use Spring security and its OAuth2 implementation instead of rolling your own. – Kayaman Nov 07 '17 at 14:13

1 Answer


As for "OAuth2 vs Basic Authentication", read this question (OAuth (Access Token) Vs API Key) and the accepted answer.

Spring Security OAuth is just one implementation. You can find some other implementations here. It should be noted that modern OAuth server implementations support OpenID Connect, but Spring Security OAuth doesn't. If your team is not familiar with the Spring framework, there is no reason to use Spring Security OAuth. There exist many better implementations.

Takahiko Kawasaki