Showing posts from May, 2017

Implementing OAuth2 in Spring Boot with Spring Security

What an evening!

Too much hot and humid. Total disaster!

So this kinda evening is perfect for an interesting topic: OAuth 2. I guess most of you guys know what the heck it does. But I like to explain, a little. So let's set it up.
  1. Overview
OAuth 2 is an authentication and authorization framework, a security concept for REST APIs that defines how you authenticate and authorize a user to access data from your resource server.

It has four main roles.

Resource Owner (That means you)
Client (The application you're using, which accesses your data on the resource server)
Resource Server (Where your data is stored)
Authorization Server (Responsible for authenticating your identity and giving you an authorization token, so that you can request your data from the resource server with this token. This token is called the access_token)

The authorization server will provide you two tokens if you use refresh_token as grant type. Now what the hell is a refresh token? What is the difference between access_token and re…