
How to configure spring oauth?

I have 2 web applications:

  1. Resource Server (@EnableResourceServer)
  2. auth app (@EnableAuthorizationServer)

They are mapped to one database.

I would like to split the database in 2: one for the client app and the second one for tokens.

Question: How should the client app be configured correctly with OAuth?

My current flow:

  • Resource Server gets a request with a token
  • Spring Security checks the token in the database

Maybe the best flow is to isolate the auth app and database, and the flow should be something like this:

  • Resource Server gets request token
  • and Resource Server makes a request to the auth web app (OAuth Server) to verify the token
  • auth app (OAuth Server) Spring Security checks the token in the database

?

Let me know if I misunderstand any point about OAuth. Thanks.

If you want to use the auth server for checking tokens you need a RemoteTokenServices (or the equivalent). If the server is a Spring OAuth server (using @EnableAuthorizationServer) there should be a /check_token endpoint.

NB It might be a good idea to read the spec and get the terminology straight (your "client app" is a "resource server").
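
A sketch of the split described in the answer, added here as an example and not part of the original answer: the resource server validates tokens through RemoteTokenServices, and the auth app opens its check-token endpoint to authenticated clients only. The host name, the client id `resource-server` and the environment variable name are assumptions; the two classes belong to the two separate applications.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;

// --- Resource server application: holds no token database connection ---
@Configuration
@EnableResourceServer
class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        RemoteTokenServices tokenServices = new RemoteTokenServices();
        // Assumed host; /oauth/check_token is the default path of the
        // check-token endpoint on a Spring OAuth authorization server.
        tokenServices.setCheckTokenEndpointUrl(
                "https://auth.example.internal/oauth/check_token");
        // Hypothetical client registered on the auth server for this
        // resource server; it is sent as HTTP Basic on every check.
        tokenServices.setClientId("resource-server");
        // Assumed variable name; keep the secret out of source control.
        tokenServices.setClientSecret(System.getenv("CHECK_TOKEN_CLIENT_SECRET"));
        resources.tokenServices(tokenServices);
    }
}

// --- Auth application: the only component that reads the token database ---
@Configuration
@EnableAuthorizationServer
class AuthServerConfig extends AuthorizationServerConfigurerAdapter {

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) {
        // The check-token endpoint is denyAll() by default. Require an
        // authenticated client instead of permitAll(), so only registered
        // resource servers can query token validity and contents.
        security.checkTokenAccess("isAuthenticated()");
    }
}
```

Each incoming request then costs one call to the auth app, so the check-token URL should be reachable only over TLS on an internal network.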
