With the desire to give you a complete guide on building an Authorization Server using Spring Authorization Server, I took the time to write the book “Spring Authorization Server – From the basics”. The Kindle version of this book is currently available on Amazon at… Read More

In the previous tutorial, I showed you how to implement an Authorization Server using Spring Authorization Server, but the information about RegisteredClient in this tutorial is stored in memory. To store RegisteredClient information to the database, how will we do it? In this tutorial, I… Read More

The JSON Web Key Set is a collection of JSON Web Key public keys provided by the Authorization Server so that the Resource Server can verify the access token sent by the Client Application. In the tutorial about implementing OAuth Authorization Server using Spring Authorization Server,… Read More

To revoke a valid access token, stop the Client Application from using that access token, we will use the token revocation endpoint. With the Authorization Server built using Spring Authorization Server, you can use the following POST request to revoke an access token: http://localhost:8080/oauth2/revoke. For… Read More

To check if an access token is still valid, expired, revoked, or issued by our Authorization Server, we will use the token introspection endpoint of the Authorization Server to do this. With Authorization Server implemented using Spring Authorization Server, you can use the token introspection… Read More

A big advantage of OAuth2 is that it can allow us to limit the amount of time a request with a particular access token is allowed to use resources. An access token will determine its expiration time, API resources will rely on this expiration time… Read More

The Authorization Server in OAuth has the task of issuing an access token that allows the Client Application to use this access token to request the resource it needs to use. The Resource Server will validate this access token with the Authorization Server every time… Read More