Sessions

Implementing an OAuth 2 authorization server with Spring Security - the new way!

Laurentiu Spilca - Endava

After project Spring Security OAuth has been deprecated, there was a lot of confusion in the community. You could use Spring Security to write the resource server but not the authorization server. But the dark age is now over.

In this session, we discuss implementing an authorization server using the new Spring Security Authorization Server project. https://spring.io/blog/2021/08/19/spring-authorization-server-goes-to-production

OAuth 2 and OpenID Connect are tremendously important today since they represent the most used standards for implementing authentication in apps. Spring apps are no exception to this approach. We’ll start with a refresher on OAuth 2 and OpenID Connect and remember shortly how an authorization server was configured using the Spring Security OAuth project (now deprecated). Then, we’ll work on an example where we implement an authorization server using the new approach -the Spring Security Authorization Server project. You’ll learn how to use the new project to write your custom authorization server but also what advantages does this project brings above the old-fashioned way.