
I found some examples at https://github.com/spring-projects/spring-security-samples/tree/main/servlet/spring-boot/java/oauth2, but they are using the Spring Authorization Server to implement a standalone auth server and using a standalone oauth2 client server as a login entry.

I don't want to set up a standalone auth server; I want it to be bundled with a client-server as a single app, as the start-up team doesn't have enough resources to hold more CPU/Mem on the cloud.

I tried to copy configs and dependencies from the login app to the authorization server, but the authorization code flow didn't work as expected.

Can anyone show me how to properly bundle a client-server to a Spring Authorization Server?


Additional context info:

I'm about to set up a server to be used as an Android app's backend. I want to have the benefit of OAuth2's access token, but I don't want to increase the number of servers I have to manage (maintenance and financial consideration) for a start-up team.

So the best plan I can see is the client (Android app) could send OAuth2 login requests and resources requests to the same server app, which needs the login entry to be bundled with the auth server.

I'm debugging the examples to see if I can find out a possible way now.

Maybe I was wrong in the first place when choosing an authorization framework for a first-party native app. Are there other recommended frameworks that I should consider?

363 . . .

.............................................................................................................................................................................0 6333333333333333333333333633222222222222222222222222222222222222222563333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333 .. 0.++6666666666666666666+++++++++++++++++++6+++9-9+6665. .

(Sorry for the bad format in the end, my 10-month-old daughter was playing with the number pad of the keyboard while I was typing. I kept those words as I think it's funny <3)

Author: DevDengChao

Co-author: his 10-month-old daughter.

  • Please add additional details about your use case. It's not clear what purpose or end goal you want to achieve with "bundling." If all of the functionality lives in a single instance of an application, then direct calls can be used and there is no reason for OAuth2. – Steve Riesenberg Jul 28 '23 at 15:45
  • @SteveRiesenberg Thanks for your suggestion, more context info has been amended into the question. – DevDengChao Jul 29 '23 at 06:15
  • Thanks for the update. I can add an official answer if it's helpful, but if all you want to do is support bearer tokens as valid credentials for the authorization server, you can do this by adding `.oauth2ResourceServer(...jwt())` alongside the existing `.formLogin(...)`. Just make sure the access tokens are JWTs (the default) and not opaque tokens to keep things simple. – Steve Riesenberg Aug 09 '23 at 15:31
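
A sketch of the configuration the last comment describes, as an added example that is not code from the commenter or from the linked samples: one application hosts the authorization server endpoints and also accepts the JWT access tokens it issues as bearer credentials next to form login. It assumes Spring Authorization Server 1.x with the OAuth2 resource server starter on the classpath, and that `JWKSource`, `RegisteredClientRepository` and `UserDetailsService` beans are defined elsewhere; the class and method names are hypothetical.

```java
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.SecurityContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;

// Assumption: JWKSource, RegisteredClientRepository and UserDetailsService
// beans exist elsewhere in the application (not shown here).
@Configuration
public class BundledSecurityConfig { // hypothetical class name

    // Chain 1: the authorization server's protocol endpoints
    // (authorization, token, JWK set, ...). Matched first.
    @Bean
    @Order(1)
    SecurityFilterChain authorizationServerChain(HttpSecurity http) throws Exception {
        OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
        // An unauthenticated authorization request is sent to the login page.
        http.exceptionHandling(e ->
                e.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login")));
        return http.build();
    }

    // Chain 2: everything else in the same app. Form login serves the
    // interactive step of the authorization code flow; the resource server
    // support accepts "Authorization: Bearer <JWT>" on the app's own APIs.
    @Bean
    @Order(2)
    SecurityFilterChain appChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(a -> a.anyRequest().authenticated())
            .formLogin(Customizer.withDefaults())
            .oauth2ResourceServer(rs -> rs.jwt(Customizer.withDefaults()));
        return http.build();
    }

    // Verifies access tokens locally against the same keys that sign them,
    // so no network call to an issuer is needed. Requires JWT (not opaque) tokens.
    @Bean
    JwtDecoder jwtDecoder(JWKSource<SecurityContext> jwkSource) {
        return OAuth2AuthorizationServerConfiguration.jwtDecoder(jwkSource);
    }
}
```
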

0 Answers