
What workflow of OAuth 2 should I use on my application

This question is more theoretical, so I don't know if it should be here. I want to use OAuth2 to authenticate my user. I was searching on Google and found out that there are many workflows of OAuth 2, and I don't know which to use.

My front-end is developed in React and my back-end is developed in Java with Spring Boot.

The users are saved in a database or on LDAP servers, depending on which the person wants to use.

My application is also a single-page app; the only time it refreshes is when the user logs out.

Thanks for your help!

I think you have some misunderstanding about OAuth2. OAuth2 is an authorization protocol. If you want to develop an authentication system, it is not suitable for you.

The Spring Security or Apache Shiro framework would better suit your authentication system.

If your backend system wants to authorize some permission to your client, then you can use OAuth2. For example, if any of your customers wants to authorize a third-party service to access your resource, then OAuth2 would be the best choice.

As Zilong has already explained, OAuth2 is an authorization protocol. But OAuth2 is not specific to Java; it can also be used with React. You can use this link for a sample of React + Java OAuth2. I think this is what you are looking for.

I'm afraid your question is not concrete enough. But to find out what architecture and OAuth2 flow to use, take a look at the OAuth 2.0 for Browser-Based Apps RFC. There are several options - you can use your SPA or its backend as an OAuth2 client. Take a look at similar SO questions such as this one.

Then, for authentication purposes, learn about OpenID Connect (an OAuth2 extension) and its ID token. To get info about the user, you can either use an ID token or the user info endpoint.

There are 4 grant types in OAuth2, which are meant for different scenarios. Refer to: Securing an existing API with our own solution

Looks like password credential is the one you are looking for.

Resource owner password credential (ROPC): the consumer (app) makes calls using the bearer token created using the API key, secret, username and password. Mostly used when you (your authorization server) already know the users (the user database is handled in your own system).
