Store RegisteredClient to database in Spring Authorization Server

In the previous tutorial, I showed you how to implement an Authorization Server using Spring Authorization Server, but in that tutorial the RegisteredClient information was stored in memory. How do we store the RegisteredClient information in a database instead? In this tutorial, I will show you how to do this!

First, I also created a new Spring Boot project with Web Starter, Security Starter, Data JPA, PostgreSQL Driver:

and Spring Authorization Server:

for example.

Result:

I will configure Spring Security as in the tutorial Implement OAuth Authorization Server using Spring Authorization Server as follows:

As for the configuration for the Authorization Server, I also do the same as the tutorial Implement OAuth Authorization Server using Spring Authorization Server, but I will do the following for the RegisteredClient information declaration:

To store RegisteredClient information in the database, we first need to define the database structure.

By default, Spring Authorization Server provides database scripts to create this structure. You can copy them from the Spring Authorization Server .jar file:

You can also go to the GitHub repository of Spring Authorization Server here to copy these files.

I will use Flyway to manage database migration:

by copying the schema files of the Spring Authorization Server into the src/main/resources/db/migration directory as follows:

In the script that creates the oauth2_authorization table in the file V1__oauth2-authorization-schema.sql, there is a definition of the BLOB data type, presumably for the Oracle database:

If you are using a PostgreSQL database like me, you need to change this to the BYTEA type! Otherwise, running the database migration will fail.

Declare the DataSource to run the database migration as follows:

Now you can define RegisteredClient in the database, for example as follows:

Here, I define a RegisteredClient with the client_credentials grant type and a fixed ID, so that no duplicate record is created in the database every time I start the app. Depending on your needs, please write the corresponding code!

We will use the JdbcRegisteredClientRepository object to store this RegisteredClient information. The parameter for initializing the JdbcRegisteredClientRepository object is a JdbcTemplate object.
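One way to write the client definition and repository described above, as an added example that is not the author's code. The class name, fixed ID value, client ID, scope and the `demo.client-secret` property are hypothetical, and it assumes the Flyway migration has already created the `oauth2_registered_client` table before this bean is built.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;

@Configuration
public class RegisteredClientConfiguration { // hypothetical class name

    // Fixed primary key (constructed value) so a restart never inserts a second row.
    private static final String FIXED_ID = "11111111-2222-3333-4444-555555555555";

    @Bean
    public RegisteredClientRepository registeredClientRepository(
            JdbcTemplate jdbcTemplate,
            // Hypothetical property: keeps the client secret out of source control.
            @Value("${demo.client-secret}") String clientSecret) {

        JdbcRegisteredClientRepository repository =
                new JdbcRegisteredClientRepository(jdbcTemplate);

        // findById returns null when no row exists, so the insert runs only once.
        if (repository.findById(FIXED_ID) == null) {
            RegisteredClient client = RegisteredClient.withId(FIXED_ID)
                    .clientId("demo-client") // hypothetical client ID
                    // Passed as given; the page states the repository stores it
                    // bcrypt-encoded through DelegatingPasswordEncoder.
                    .clientSecret(clientSecret)
                    .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                    .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
                    .scope("demo.read") // hypothetical scope
                    .build();
            repository.save(client);
        }
        return repository;
    }
}
```

After the first start, check that the `client_secret` column begins with `{bcrypt}`; if your version stores the value exactly as passed, encode it with a `PasswordEncoder` before calling `save`.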

Now, if you run the application, you will see that a new record for the RegisteredClient I declared above has been inserted into the oauth2_registered_client table:

You should also note that the client secret is hashed using the DelegatingPasswordEncoder class with the bcrypt algorithm. Right now we can’t declare the algorithm we want!

That’s it guys, if you now run the application and request a token with the clientId above, you will see the following results:

4 thoughts on “Store RegisteredClient to database in Spring Authorization Server”

  1. Thank you for the article. It is very informative. Is there currently any way to configure the authorization server to store the generated authentication tokens in the database, so when the authorization server is restarted, the authentication tokens that haven’t expired yet are still recognized by the authorization server?
