“Spring Authorization Server – From the basics” Ebook

With the desire to give you a complete guide on building an Authorization Server using Spring Authorization Server, I took the time to write the book “Spring Authorization Server – From the basics”. The Kindle version of this book is currently available on Amazon at https://www.amazon.com/dp/B09RZZ51HD

This book covers all the required features of an Authorization Server that are supported by Spring Authorization Server.

In the “Getting started” chapter, I configure the Authorization Server in a different way from the one in the tutorial “Implement OAuth Authorization Server using Spring Authorization Server”, and I talk more about some other information.

I also show you how to configure a RegisteredClient to support grant types in OAuth 2.1, including authorization_code grant type with and without PKCE, client_credentials grant type, and refresh_token grant type.

I also guide you through some operations related to access tokens in the chapter “Access token” and show how to use a PKCS12 keystore file to secure the access token.

To save information about RegisteredClient, Authorization, and Authorization Consent to the database, you can read the chapter “JDBC”.

And finally, to customize the login or consent screen pages, please read the chapter “Customization”.

The table of contents for this book is as follows:

Introduction
Getting started
  • Configure Authorization Server
  • Configure Spring Security
  • Register client with Authorization Server
  • Register user with Authorization Server
  • Smoke test
OAuth 2.1 grant types
  • 3.1 Authorization Code grant type
    • 3.1.1 Standard
    • 3.1.2 With PKCE
  • 3.2 Client Credentials grant type
  • 3.3 Refresh Token grant type
Access token
  • 4.1 Change expiration time
  • 4.2 Token introspection
  • 4.3 Token revocation
JWT/JWS/JWK
  • 5.1 Generate PKCS12 keystore
  • 5.2 Use PKCS12 keystore
JDBC
  • 6.1 RegisteredClient
  • 6.2 Authorization
  • 6.3 Authorization Consent
Customization
  • 7.1 Login
  • 7.2 Consent Screen
    • 7.2.1 Define request URI
    • 7.2.2 Define consent screen template
    • 7.2.3 Configure Authorization Server
Appendix
  • Client types in OAuth 2.1

 
