1

My requirement is to implement oauth 2 using spring boot.

It's for dynamic client registration(client id ,client secret ….) to be stored in the database, not in memory.

The first option I see is using spring-security-oauth2. But as per docs https://spring.io/projects/spring-security-oauth.
It says Spring Security OAuth is deprecated and The latest OAuth 2.0 support is provided by Spring Security.

Spring Security OAuth being deprecated I won’t be using it for my current implementation.

Now the option I have now is to use it from Spring Security. Bu as per docs https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide it says Spring Security doesn’t provide Authorization Server support.

Now here I am confused about what shall I do either use Spring Security OAuth which is deprecated or wait for Spring Security to provide Authorization Server support. I want to have advice from an expert . Is there any tutorial to achieve it without Spring Security OAuth?

Abhishek Bhagate
  • 5,583
  • 3
  • 15
  • 32
abishkar bhattarai
  • 7,371
  • 8
  • 49
  • 66

1 Answers1

0

There is a new project to create a Spring Security new Authorization Server: https://github.com/spring-projects-experimental/spring-authorization-server However its a long way off being completed.

I gather since your only going to be using "client credentials" grant, you could use the deprecated Authorization Server, I use it for small internal applications, works well for simple use cases, and it's very customizable. e.g. project: https://github.com/wlesniak/effective-oauth2-with-spring-security-and-spring-boot/tree/master/module_4

Your other option, especially if you want to use OpenID connect, and the latest Oauth features, would be a 3rd party Auth server like: keycloak Its opensource, and developed by Red Hat, great product all the bells and whistles, and has good spring support, easy to configure.

Wojciech Lesniak
  • 294
  • 2
  • 6