DEV Community

Andrew Kang-G

Spring OAuth2 - App-Token based Hybrid Token Verification Methods

If you’re struggling to set up a persistence-based OAuth2 module, consider trying:

https://github.com/patternhelloworld/spring-oauth2-easyplus

  • App-Token based easy OAuth2 implementation built to grow with Spring Boot
  • Complete separation of the library and the client (Library: API; Client: DOC, Integration tester)
  • Extensible: Supports multiple authorization servers and resource servers with this library.
  • Hybrid Resource Servers Token Verification Methods: Support for multiple verification approaches, including API calls to the authorization server, direct database validation, and local JWT decoding.
  • Immediate Permission (Authority) Check: Goes beyond verifying the token itself and also validates, in real time, any updates to permissions in the database.
  • Authentication management based on a combination of username, client ID, and App-Token: What is an App-Token? An App-Token is a new access token generated each time the same account logs in. If the token values are the same, the same access token is shared.
  • Separated UserDetails implementation for Admin and Customer roles as an example. (This can be extended to roles such as Admin, Customer, Seller and Buyer… by implementing UserDetailsServiceFactory.)
  • Authorization Code Flow with Optional PKCE, Authorization Consent and Single Page Application (XMLHttpRequest)
  • ROPC for scenarios where accessing a browser screen on the server is either unavailable or impractical
  • Application of Spring Rest Docs, Postman payloads provided
