“Spring Authorization Server – From the basics” Ebook

With the desire to give you a complete guide on building an Authorization Server using Spring Authorization Server, I took the time to write the book “Spring Authorization Server – From the basics”. The Kindle version of this book is currently available on Amazon at https://www.amazon.com/dp/B09RZZ51HD.

This book covers all the features an Authorization Server requires that are supported by Spring Authorization Server, and has been updated for Spring Authorization Server version 1.0.0.

In this book, I show you how to implement an Authorization Server with Spring Authorization Server and how to configure a RegisteredClient to support the OAuth 2.1 grant types: the Authorization Code grant type with and without PKCE, the Client Credentials grant type, and the Refresh Token grant type.

I also guide you through operations on access tokens in the chapter “Access token”, and show how to use a PKCS12 keystore file to secure the access token.

In chapter 6, I introduce OpenID Connect and show you how to configure an Authorization Server built with Spring Authorization Server to support it.

To persist RegisteredClient, Authorization, and Authorization Consent data in a database, read the chapter “JDBC”.

And finally, to customize the login or consent screen pages of the Authorization Server, please read the chapter “Customization”.

The table of contents for this book is as follows:

1. Introduction

1.1 OAuth 2.1

1.2 OpenID Connect

1.3 Spring Authorization Server

2. Getting started

2.1 Configure Authorization Server

2.2 Configure Spring Security

2.3 Register client with Authorization Server

2.4 Register user with Authorization Server

2.5 Smoke test

2.6 OAuth Authorization Server Info

3. OAuth 2.1 grant types

3.1 Authorization Code grant type

3.1.1 Standard

3.1.2 With PKCE

3.2 Client Credentials grant type

3.3 Refresh Token grant type

4. Access token

4.1 Change expiration time

4.2 Token introspection

4.3 Token revocation


5.1 Generate PKCS12 keystore

5.2 Use PKCS12 keystore

6. OpenID Connect

6.1 ID Token

6.2 User Info

6.3 Client Registration

6.4 Client Read

6.5 Provider Configuration


7. JDBC

7.1 RegisteredClient

7.2 Authorization

7.3 Authorization Consent

8. Customization

8.1 Login

8.2 Consent Screen

8.2.1 Define request URI

8.2.2 Define consent screen template

8.2.3 Configure Authorization Server

