With the desire to give you a complete guide on building an Authorization Server using Spring Authorization Server, I took the time to write the book “Spring Authorization Server – From the basics”. The Kindle version of this book is currently available on Amazon at https://www.amazon.com/dp/B09RZZ51HD
This book covers all the required features of an Authorization Server that Spring Authorization Server supports.
In the “Getting started” chapter, I configure the Authorization Server in a different way from the tutorial “Implement OAuth Authorization Server using Spring Authorization Server” and cover some additional information.
I also show you how to configure a RegisteredClient to support grant types in OAuth 2.1, including authorization_code grant type with and without PKCE, client_credentials grant type, and refresh_token grant type.
I also guide you through some operations related to access tokens in the chapter “Access token” and how to use the PKCS12 keystore file to secure the access token.
To save information about RegisteredClient, Authorization, and Authorization Consent to the database, read the chapter “JDBC”.
And finally, to customize the login or consent screen pages, please read the chapter “Customization”.
The table of contents for this book is as follows:
- Configure Authorization Server
- Configure Spring Security
- Register client with Authorization Server
- Register user with Authorization Server
- Smoke test
- OAuth 2.1 grant types
  - 3.1 Authorization Code grant type
    - 3.1.1 Standard
    - 3.1.2 With PKCE
  - 3.2 Client Credentials grant type
  - 3.3 Refresh Token grant type
- 4.1 Change expiration time
- 4.2 Token introspection
- 4.3 Token revocation
- 5.1 Generate PKCS12 keystore
- 5.2 Use PKCS12 keystore
- 6.1 RegisteredClient
- 6.2 Authorization
- 6.3 Authorization Consent
- 7.1 Login
- 7.2 Consent Screen
  - 7.2.1 Define request URI
  - 7.2.2 Define consent screen template
  - 7.2.3 Configure Authorization Server
- Client types in OAuth 2.1